Cyber Security from the Inside Out: Internet Use Policies for Small Businesses
The internet plays a significant role in running your business—as it should!
Choosing a software as a service (SaaS) solution like MINDBODY puts your business online and makes it accessible to your clients, all of the time. This also means that your staff is online all of the time, too. But be wary: the internet is full of distractions and security risks that your staff can get tangled up in. As a business owner, it’s important to discuss appropriate use of the internet with your staff. A good way to start that conversation is with an internet use policy (IUP).
What is an internet use policy?
An IUP is a document that outlines your business’s rules regarding the use of the internet, including your MINDBODY site. Your policy should also include an explanation of the processes and consequences if the rules are broken.
Why do you need one?
The reasoning behind IUPs is twofold: They boost accountability for productivity and they help keep your business safe online. As the internet grows, our attention spans shorten. A mind idling even for a brief moment can lead straight to social media news feeds, endless lists of 20-something things that every 20-something needs to know, online shopping, or even worse: Farmville. This time that gets sucked into the black hole of the web is time that’s not being spent completing tasks at work or helping your customers.
What’s even more dangerous than online distractions are the viruses and malicious hackers that pose a threat to your business. According to First Data, the average cost of a security breach for small businesses is $36,000 in fees and recovery expenses. What’s more, your business’ reputation will take a serious blow. Are these hits that your company can afford? An IUP can help steer your staff clear of sites and activities that create online vulnerabilities for your business.
What to include in your policy:
- Intention - Be sure to verbalize the “why.” Communicate that your goal is the betterment of the business—this will go a long way to ensure employee buy in.
What’s OK - What sites can your staff members visit while they’re clocked in? Are they allowed to connect to your studio’s WiFi with their phones? Can they surf the web during downtime?
What’s not OK - What type of sites and activities are prohibited? Can employees download files to your work devices? This section should detail the dangers that you want your staff to dodge.
MINDBODY-specific rules - Staff permissions will allow or disallow access to certain functions of your site for certain staff members, but your IUP can extend those controls. Consider spelling out which functions are off limits entirely, including rules about changing or exporting client data.
Consequences - Outlining and upholding consequences is important to support the significance and credibility of your IUP. Make sure employees are aware that they’re accountable for their actions online.
- Be specific - Don’t leave loopholes to be leapt through. Avoid vague phrases like “Do not visit inappropriate sites,” which can be interpreted subjectively. Be clear: “Do not visit online gaming sites or sites with explicit sexual, violent, or hateful content.” If you want to limit social media, make sure you’re spelling out which sites you don’t want your staff members spending time on.
Be approachable - Allow your staff to ask questions, and make yourself available to discuss any concerns they may have. When you’re rolling out the policy, it might be best to schedule a time to introduce it to your staff in a group setting and encourage a discussion about it.
Get signatures - Make sure that each staff member reads and acknowledges the IUP. The easiest way to do this is with a signature. This way, if issues arise, they can be held responsible for their actions.
Lead the way - If you’re laying down the internet law, make sure you’re also following it. It’s hard to discourage your staff members from following what’s trending on BuzzFeed at work if they see you scrolling through the site yourself.
Once you’ve created and implemented your IUP, incorporate it into your training for new staff members. This way, as your business grows, the efficiency of your staff and the online safety of your business remains.