When employees have access to the internet at work, there are serious risks involved. They can download viruses, create legal liabilities, gain unauthorised access to critical information and, potentially, leak it. Good technical security and staff training can help. Good staff/security policies are also important because they make it very clear what is acceptable and what is not.You will need to get professional advice   in   drafting  staff    policies   and    changes   to
employee contracts.  It  is also worth getting advice about how to introduce new policies to staff and combine them with a training programme.
 
         
         
How to prepare and implement a policy :  
     
    Be clear about the risks you are trying avoid.  
         
    Consult staff about the proposed policies for their feedback.  
         
   
Ensure there is a balance between practicality and control. Remember that trust is as important as supervision.
 
         
   
If you use a lawyer's policy, check to make sure that it applies to your circumstances and that it is easy to understand.
 
         
   
Where appropriate, include the new policies in staff handbooks, new employee induction, intranet sites and so on.
 
         
    It needs to tie in with your disciplinary procedures, employee contracts and other policies.  
         
    Make sure that everyone sees the policy once it is finalised.  
         
    Make sure that the policy is available for people to consult.  
         
   
Someone in the company should be responsible for implementing and monitoring the policy.
 
         
    Keep the policy under review to make sure it stays current.  
         
         
Sample Security Policies (guide only)  
         
  1.   ISMS Policy  
         
  2.   Giving Access to Files and Documents  
         
  3.   Retaining or Deleting Electronic Mail (E-Mail)  
         
  4.   Securing Against Unauthorised Physical Access