Home : Networking : News

Third of companies have no staff internet policy

Survey finds that 30 per cent of organisations have no acceptable usage policy governing what workers can and can't do on internet.

By Rene Millman, 16 Apr 2007 at 15:33

gallery

Nearly of third of UK companies have no acceptable usage policy governing staff use of the internet, according to a new study.

The survey of 250 IT professionals, carried out by network content technology firm Chronicle Solutions, found that 30 per cent of respondents said they did not have an acceptable use policy (AUP) for the internet at work, and of those who did, 94 per cent said they had not read it recently. The 42 per cent said they had not read it in the last year, whilst 33 per cent could not recall when they had seen it last.

The survey also found that less than five per cent of policies cover P2P file sharing, and that only a third of employers ask new hires to read, agree and then sign off on the company acceptable use policy when they join. The survey found that four in ten respondents aren't certain if there are penalties for breaching their company's AUP.

Experts said the findings were a mater of "serious concern" and bloggers could put their jobs and the corporate brands at risk. No respondent to the survey said that blogging was banned or even covered by their employer's AUP.

"Corporate reputations can be damaged by errant bloggers, fraud can be perpetrated via email, proprietary information can be leaked or sold for profit, private employee data can be shared, sexual harassment can be perpetrated, all on workplace PCs," said David Lacey, former CSO of the Royal Mail, now internet security consultant and founder of the Jericho Forum. "Instant messaging and web mail in particular are two of the most persistent vectors of information leakage, yet even those look to be absent from most AUPs."

Another survey found that employees have a relaxed attitude towards security on their laptops, sharing PIN numbers and passwords, the shredding of documents and seem happy sharing personal details over the internet.

The research, carried out by data encryption company SafeBoot, found that nearly half of respondents had security on their laptop but had no idea how to use it what it did, or they found it too complicated and hadn't bothered to learn anymore about it.

Nearly a quarter of the 750 UK respondents had lost their laptop or had it stolen, with nearly one in four of these having lost it more than once. Over 25 per cent said they didn't see the point in shredding documents.