Want to create an effective computer usage policy for your business but don’t know where to start?
If your employees do most of their work on a computer, then a computer usage policy is a must have. It guides your employees on how to use their work computers, what to use it for, and keeps your company safe from legal liability.
In this article, we’ll take a look at what a computer usage policy is, why you need it, and a sample of a usage policy you can follow as a guideline when you’re creating your own.
This Article Contains:
(Click on the links below to go to a specific section)
- What is a Computer Usage Policy?
- Why do You Need a Computer Usage Policy?
- What Should You Cover in Your Computer Usage Policy?
- Sample Computer Usage Policy
Let’s dive in.
What is a Computer Usage Policy?
Note: These first few sections focus on what a computer usage policy is, why you need one, and what goes into it. If you want to skip ahead to the sample policy, click here.
A computer usage policy is a document that provides employees with guidelines on how to appropriately use company equipment and the internet on your work computer network.
With such a policy, employees will be aware that browsing specific sites, downloading certain files, and using the computer system for anything other than business purposes is prohibited. It’ll also highlight how violation of the policy can lead to termination of employment and other consequences.
This way, you protect your business from various risks like losing or leaking important information and computer files or getting your computers infected with malware.
However, businesses aren’t the only ones who benefit from such a policy.
Most universities also have a computer and internet usage policy. Students, faculty, and staff have to adhere to a similar university policy when using a university computer or when they access the university’s information technology resources.
To use the campus network, students might have to go to a specific computing facility on campus or the university’s library and access the computers from the library staff or with their library card.
This kind of policy can minimize the risk of computer misuse – whether in the university library or a business office.
Why do You Need a Computer Usage Policy?
Did you know that 50% of employees don’t know what’s expected from them when it comes to computer and internet usage at work?.
With a computer use policy, you’ll set precise guidelines for your employees’ computer usage, and they’ll know what behavior is expected of them when they use the organization’s computing resources.
Let’s take a look at where a computer usage policy can help you:
1. Prevents Piracy and Security Issues
About 92% of computers with pirated software have malware like Trojan horses, viruses, and worms.
Additionally, if your employees download pirated files or software, your company will be liable and have to pay fines as hefty as $150,000 for every instance of software and other resource piracy.
When you have well-defined rules that prohibit the usage of unlicensed or pirated programs, you can minimize the risk of running into serious security and legal issues like those mentioned above.
2. Minimizes Computer and Network Misuse
There are many ways in which your employees can misuse your computer and information resources.
So, which specific computer and network activities should you advise against in your policy?
You can prohibit activities like:
- Hacking: Employees using your computer system to gain unauthorized access to data, other computer networks, or user logins.
- Data misuse: Illegally revealing or transferring the company’s data to personal devices.
- Copyright infringement: Copying of intellectual property (software, movies, books) and distributing them on the internet without copyright holder permission.
- Identity and financial abuses: Financial frauds and handling stolen credit card information.
- Cryptocurrency mining: Using your computer resources and power to mine bitcoins and other cryptocurrencies.
- Using excessive network bandwidth: Downloading unnecessary files that might result in bandwidth loss.
That’s why you need to include such guidelines in your company’s computer usage policy too. This way, there are clear rules which your employees can refer to, and they’ll understand the consequences received if they violate the policy.
3. Helps You Address Employee Privacy Concerns
Privacy-related laws and monitoring rights might differ according to country and state.
That’s why it’s important to create a straightforward policy about the degree of privacy your employees should expect and your company’s monitoring rights in the workplace.
Most employees expect to have personal privacy while working on company-owned computers.
However, according to the Electronic Communications Privacy Act of 1986, an employer can monitor employee activity on three occasions:
- Business exception: An employer can intercept employee communication when transmitted on company-owned devices during the ordinary course of business.
- Consent exception: An employer can monitor communication activities as long as at least one individual agrees.
- Service provider exception: An employer can monitor communication on the company’s communication system channels. These include email use, voicemail, and other communication software.
Emphasize in the policy that the computers are a company asset and not a device on which they can conduct personal activities.
Including such aspects in your computer usage policy can help your employees understand what expectation of privacy and monitoring they should have, and help them stay away from unproductive internet activities.
What Should You Cover in Your Computer Usage Policy?
A typical computer usage policy structure includes:
This is the introduction to the document. State your company’s name and briefly mention the reasons for creating a policy.
State briefly what this document will include – and the people, facilities, and equipment it applies to.
When you state the purpose of the policy, your employees won’t feel like their privacy is aimlessly infringed.
Mention the most important reasons for creating a policy.
Phrase it in a way that your employees can see how this policy will help both the organization and them to be better at their job.
The policy itself can vary depending on your industry and the type of business you’re running. But aim to include the following sections which you can customize depending on your needs:
A. A Blanket Statement
Even though you’ll have lots of specifics on how your employees should conduct certain procedures, try to include a blanket statement.
This statement should state that your employees can expect to be monitored when using work computers and the business network.
This way, you’ll make it clear that they should not expect personal use privacy while using company equipment.
B. What is Appropriate Employee Computer and Internet Usage?
Describe what’s included in proper employee computer use and internet access.
This section is specific and should be customized to the nature of your business. For example, many companies prohibit using social media during work hours. However, if you’re a social media marketing agency, this isn’t feasible.
In this case, you have to specify what their job duties are and the approved activities to carry out those duties. Also, clarify their level of authorization as computer users and what the acceptable use of these communication platforms is.
C. What is Inappropriate Employee Computer and Internet Usage?
In this section, try to answer these questions:
- Which activities are considered unauthorized?
- When are employees prone to abuse their access to confidential information?
- In what instances will employees have to be denied their computing privileges?
- On what occasions do they breach security policies and abuse internet use?
- What type of activities are considered illegal and will have law enforcement consequences?
D. Sections on Each Procedural Policy
Here, you can include additional specifications on:
- Usage: Computers should not be used for any illegal activities, chain letters (electronic mail spam), or discriminatory communication. You can include more specific usage violations.
- Monitoring: Clarifies that employees should not assume their privacy is protected while using the company-owned computer equipment – and that employers have the right to monitor their activities on the computers.
- Security: Employees should not engage in activities that jeopardize the security of the computer network system.
- Copyright: Employees cannot copy, retrieve, or modify copyrighted materials without the permission of the copyright holder. Violation of this policy can lead to copyright law enforcement for both the individual and the company.
You can expand on each of these sections to include specifics related to your industry and business.
E. Disciplinary Action
In the end, state that violating the policy will lead to disciplinary action. Specify what this action is, the procedure and whether the employee will get a warning beforehand.
Sample Computer Usage Policy
Now, let’s take a look at a sample computer policy you can refer to when creating your business’s policy:
(A downloadable version of this policy is available at the end of this section.)
1. Policy Brief and Purpose
This company computer usage policy outlines the guidelines for properly using its computers, network, and internet.
The aim of this company policy is to avoid inappropriate, illegal, and unauthorized use of the computing equipment and information technology, and to avoid jeopardizing the company’s reputation and security.
This computer usage policy applies to all employees and other individuals like partners, volunteers, independent contractors, and those who have access to the company’s network and computing facilities.
Proper Computer, Email, and Internet Usage
Employees are expected to use computer devices, the internet, and company computer network to:
- Work on their job responsibilities.
- Do work-related research.
- Use the email system and social media only for work-related purposes.
Employees are expected to:
- Use secure passwords and keep their user ID information private.
- Not connect their personal computers to the company’s computer system.
- Not give their computer login information to others or grant them unauthorized access to the company’s computer system.
Abuse of Policy and Inappropriate Computer Usage
Employees should not use the company’s computers to:
- Send confidential information to unauthorized user accounts.
- Download or upload illegal files or spread illegally copyrighted materials.
- Invade others’ privacy, corporate accounts, and email communication.
- Visit unsafe websites that can crash the system or spread a virus in the company’s network.
- Engage in hacking activities, steal personal or financial information, mine cryptocurrencies, buy/sell illegal goods.
- Turn off the computer’s firewalls or antivirus programs without a system administrator or a manager’s permission.
Electronic media should not be used for transmitting chain letters and other email spam.
The computer devices should only be used for business-related purposes, and employees should not abuse computer data usage limits.
Additionally, network access will be granted to authorized user accounts only.
The company has the right to monitor regularly all electronic communication channels that happen on business computing devices. These include email accounts and other forms of communication and data sharing that occur on work computers.
The company uses this information to increase the efficiency of its operations and improve employee productivity.
Employees should not assume that the communication on these devices is exclusively private and should not use them to transmit private messages or personal data.
Employees should not give their authorized access information to users without proper authorization.
They shouldn’t try to obtain other employees’ password information, hack into other networks, or engage in other activities that put the company’s system security at risk.
Consequences for Being Non-Compliant
Employees who violate this computer usage policy will face disciplinary action.
A warning will follow violations. Depending on the severity of the violation, the employee can face termination of employment or other legal actions.
Examples of severe violations are:
- The usage of computer devices to engage in any sort of illegal activity.
- Activities that spread malware like viruses, worms, and Trojan horses.
- Spreading discriminatory, offensive, or harassing messages. There’s a zero-tolerance policy on any kind of harassing and discriminatory communication that can be associated with the company.
Disclaimer: This computer usage policy sample provides general guidelines and should be used only as a reference. The sample might not adhere to relevant local, state, or federal laws and is not a legal document. Time Doctor does not assume any legal liability arising from the use of this sample policy.
Apart from minimizing risk, a computer usage policy will help your employees understand what is acceptable and what is not when they’re using a company computer.
This way, you clearly illustrate their responsibilities, which results in better efficiency, more productive employees, and a more secure online working environment.
Follow the tips we’ve mentioned above, and you’ll create a strong computer usage policy that keeps your employees focused and motivated in no time!
Liam Martin is the co-founder of Time Doctor—one of the world’s leading time tracking software for remote teams. He is also the co-organizer of Running Remote, the world’s largest remote work conference.