In terms of a general security policy ensure good general behaviour by:
Banning access to unsavoury sites. This could include online auction, gambling and social networking sites. Tools and technologies are available to help you
with this task if it is a significant problem.
Banning all sharing and downloading of copyright material such as songs, films and videos.
Letting people know their internet access is being monitored and activities will be reviewed. Again there are tools to help you with this if you see it as a significant problem.
Telling people to protect their passwords and enforcing password changes every so often. There are tools to assist with this.
Clearly stating what will happen if anyone breaks any of these rules.
Ensuring emails have an automatic disclaimer about the content.
Stating how email communication is to be conducted – maybe using the “letterhead” principal.
Everything that you write in an email is as binding as a letter on your official note paper.
Letting staff know your acceptable use of Instant Messaging, if you permit it at all.
It is important to consult with people over the security policy and explain why it is so important. After all it is everybody’s jobs and reputations on the line if someone transgresses. You will also need to make sure that all of your employment contracts refer back to the security policy so that you have recourse if someone flouts the policy. It is also an idea to periodically check the policy to make sure it is keeping up with the latest innovations and technologies.
The cost of monitoring tools and software vary from £25 - £100 per PC. Setup is very straight forward and is often a download from a vendor's site, taking about
20 minutes to install and configure.
Here are a number of providers of internet and email usage monitoring software:
Creating IT security policies
Business IT Guide
enables businesses to make the right IT decisions