Table of Contents
| Foreword | |
| Preface | |
| Pt. 1 | Getting Started: Assessing Your Organization's E-Risks | 1 |
| Introduction | 3 |
| Ch. 1 | Forming Your E-Policy Team | 11 |
| Ch. 2 | Conducting a Comprehensive E-Audit | 17 |
| Pt. 2 | Developing E-Risk Management, E-Security, and E-Insurance Policies to Limit Liabilities | 31 |
| Ch. 3 | Cyberlaw Issues: Understanding Employee Rights and Employer Responsibilities | 33 |
| Ch. 4 | Developing an Effective E-Risk Management Policy | 49 |
| Ch. 5 | A Computer Security Policy to Reduce External Risks | 61 |
| Ch. 6 | Using Cyberinsurance Policies to Help Manage E-Risks | 69 |
| Pt. 3 | Crafting Effective E-Mail, Internet, and Software Policies | 79 |
| Ch. 7 | The Basics of E-Policy Development | 81 |
| Ch. 8 | E-Mail Policy Considerations: Think before You Send | 87 |
| Ch. 9 | An Netiquette Primer for Employees and Managers | 95 |
| Ch. 10 | Inrternet Policy Considerations: Keeping Employees in Line While They're Online | 105 |
| Ch. 11 | Software Policy Considerations: Don't Let Software Pirates Sink Your Ship | 111 |
| Pt. 4 | Establishing an Electronic Writing Policy for Employees | 127 |
| Ch. 12 | E-Writing Guidelines Ensure Speedy - and Safe - Communication | 129 |
| Ch. 13 | Powerful and Persuasive, Safe and Secure Electronic Writing | 137 |
| Ch. 14 | The ABCs of Effective Electronic Business Writing | 145 |
| Ch. 15 | Watch Your Cyberlanguage | 155 |
| Ch. 16 | Formatting Written E-Policies, E-Mail, Messages, and Internet Copy | 171 |
| Pt. 5 | Getting Employees On-Board with Your Online Policy | 177 |
| Ch. 17 | Rallying the Support of Managers | 179 |
| Ch. 18 | Instilling a Sense of E-Policy Ownership among Employees | 187 |
| Pt. 6 | Responding to E-Crises and Recapping E-Policy Needs | 191 |
| Ch. 19 | Fighting Internet Disasters: Drafting an E-Crisis Communications Policy | 193 |
| Ch. 20 | E-Policy Dos and Don'ts | 203 |
| Ch. 21 | E-Policy Development and Implementation Checklist for Employers | 207 |
| App. A | Sample E-Mail, Internet, and Computer Use Policies | 215 |
| App. B | Sample E-Risk Management Policy | 231 |
| App. C | Sample Software Usage Policies | 239 |
| App. D: Glossary of Computer and Electronic Writing Terms | 253 |
| App. E: Resources and Expert Sources | 263 |
| App. F: Suggested Reading | 267 |
| Notes | 269 |
| Index | 279 |
| About the Author | 285 |
Forewords & Introductions
Think your organization is immune from e-risk? Think again. Misuse and abuse of corporate e-mail, Internet, and software assets can trigger costly litigation and protracted electronic nightmares that few employers are prepared to handle.
Take the case of the engineering firm that illegally installed, on one hundred company computers, a $5,000 CAD software program, along with a less expensive word processing package. Oblivious to federal copyright law, the firm loaded software with single-user licenses onto multiple computer workstations and congratulated themselves for their business savvy. They had maximized computer capabilities at minimal cost-or so they thought.
The firm's celebration came to an abrupt halt when a vengeful computer consultant, embroiled in a billing dispute with the engineers, reported the firm's software theft to the Software & Information Industry Association (SIIA) SPA Anti-Piracy division.
SIIA-which relies on informants' tips to police copyright infringement for software manufacturers-gave the engineers fifteen days to cooperate with a full-blown audit of all the firm's computer software or face multiple charges of computer piracy.
The potential financial impact? Tens of millions of dollars. Under federal copyright law, SIIA could recover the retail purchase price of all of the software the engineering firm should have bought, but did not. Alternatively, the SIIA could seek fines against the engineers of up to $150,000 for each item infringed. With two software programs illegally loaded onto 100 computers, the engineering firm faced potential fines of $30 million. Cha-ching!
The engineering firm sorely regretted itsshortsighted decisions to copy software illegally and stiff a vendor. A five-figure, up-front investment in software (and payment of a mere $900 professional fee to the disgruntled consultant who reported them) could have saved the engineers an enormous amount of time, money, and embarrassment. In the end, the firm spent thousands of dollars on attorneys' fees and fines-which could have been avoided had the engineers put in place a written e-policy outlawing software piracy.
This story, based in fact, illustrates just how vulnerable many businesses are to electronic risks. A visit from the software police is just one of the e-dangers employers face. Any employer who grants employees access to the company's e-mail, Internet, or Intranet system faces a multitude of potential legal liabilities.
These e-risks, which are catalogued in this excellent book, include invasion of privacy, harassment, defamation, violation of copyright laws, and leakage of trade secrets.
In our law practice, we frequently advise business clients on the importance of drafting written policies to govern sexual harassment, employee violence, and other objectionable or illegal conduct in the workplace. Perhaps because of all the media attention these issues have received, most employers understand the role written policies play in protecting their organizations from liability.
Not so with e-policies. Many employers-including those whose businesses rely heavily on computer hardware and software-do not yet grasp the importance of establishing written e-policies to prohibit the unauthorized use or cop ying of software, and to regulate employee use of computers, e-mail, and the Internet.
In our opinion, no business that uses computers should be without written software, e-mail, and Internet policies. The implementation of written policies is one of the best ways to ensure your computer assets are used as intended for business purposes.
This book, The E-Policy Handbook, is the most comprehensive and helpful guide we know of to create these policies.
Although we have written many software and e-mail policies for our clients, we have gained valuable insights and suggestions from this book which we now have incorporated into our policies. Besides being packed full of valuable information, The E-Policy Handbook is a delight to read. We enthusiastically commend it to you.
Donald C. Slowik, Esq.
Christopher T O'Shaughnessy, Esq.
Lane, Alton & Horst
Attorneys At Law
Columbus, Ohio
Read an Excerpt
1. Forming Your E-Policy Team
Regardless of whether you operate a large organization with a full-time staff of in-house experts or a small business that relies on part-time help and the advice of paid consultants, you will want to form an e-policy team to oversee the development and implementation of e-mail, Internet, and software policies that respond to your organization's electronic needs and management challenges.
The size of your e-policy team will depend on the size of your organization, the scope of your electronic exposures, and your willingness to commit financial and human resources to e-risk management. For most organizations, the e-policy team will be made up of some or all of the following professionals.
Potential E-Policy Team Members
Senior Company Official Increase the likelihood of e-policy success by appointing a senior executive to head up your e-policy team. The involvement of a top executive will signal to the staff that your company is fully committed to its e-policy program and expects employees to support the policies as well. With a white knight leading the charge, your e-policy team should have no trouble receiving the funding and support necessary to complete its assignment in a timely manner.
Research Consultant
You cannot hope to change staff behavior until you know precisely what type of computer-related activity your employees are engaged in. Merely assuming your employees are using your computer assets appropriately is not good enough. As a responsible employer, you must ascertain exactly how your employees are using, and perhaps abusing, their e-mail, Internet, and software privileges.
The mosteffective way to gather that intelligence is to conduct a comprehensive internal audit. An organization with a large staff and significant e-risks may want to retain a professional research consultant or other cyberexpert to customize a written e-mail, Internet, and software usage questionnaire, tabulate responses, and prepare a written report for the e-policy team's review. At smaller operations, the tasks of drafting the questionnaire, tallying responses, and preparing a summary report likely would fall to an e-policy team member who can be counted on for accuracy, sound judgment, and discretion. (See Chapter 2 for a sample e-mail, Internet, and software usage questionnaire.)
Human Resources Manager
Regardless of your industry or organization size, your human resources (HR) manager should play a key role in the development and implementation of your e-policies. Involve your HR manager in all aspects of the e-policy program, from planning, through writing, to training and enforcing.
If you don't have an in-house HR manager, assign the executive responsible for hiring, disciplining, and terminating employees a spot on your e-policy team.
Chief Information Officer
Your chief information officer (CIO) can help the e-policy team bridge the gap between people problems and technical solutions. Information management professionals can play an important role in identifying electronic risks and recommending the most effective software tools and techniques to help manage those risks.
Legal Counsel
No matter how well-written, comprehensive, and compelling you believe your e-policies are, do not circulate them to employees until they have undergone thorough review by an experienced employment law or cyberlaw expert. Have your legal counsel review your epolicies to ensure that all applicable federal and state laws and regulations are addressed and that rights are protected (see Chapter 3).
E-Risk Management Consultant
Effective electronic risk management calls for coupling management techniques and software tools. Have you educated your employees about your organization's risks and the ways they can help limit liabilities? Do you consistently delete e-mail messages that some day could come back to haunt you? Have you installed monitoring and filtering software? An e-risk management consultant can work with you to develop effective risk management guidelines to help structure and support your e-mail, Internet, and software usage policies.
Computer Security Expert
While developing your e-policies, take time to assess and address your organization's computer security concerns and capabilities. Computer security policies and procedures are designed to mitigate risks by keeping malicious external hackers and internal saboteurs out of your system. If your organization does not employ an in house computer security professional or team, hire an outside consultant to assess and address your e-security risks (see Chapter 5).
Cyberinsurance Broker
No organization is completely free of electronic risk. Even with comprehensive, written e-policies in place, disaster will strike on occasion. Mitigate e-disaster liabilities and costs by putting into place a comprehensive cyberinsurance program. If you have not done so already, consult with an experienced cyberinsurance broker to review your e-risks and discuss the protection e-insurance offers (see Chapter 6).
Training Specialist
Your written e-policies are only as good as your employees' willingness to adhere to them. Spend as much time communicating your epolicies as you do developing them. Don't rely on employees to train themselves. Support initial e-policy training with continuing education tools and programs.
Make employee education the shared responsibility of your training manager, HR director, and the managers and supervisors who interact with employees daily and are positioned to correct inappropriate behavior on the spot.
Writing Coach
One of the most effective ways to control e-risks is to control e-content. An experienced corporate writing coach can help craft your written epolicies and develop a customized electronic writing policy for your organization. Your e-writing policy will work in tandem with your e-mail and Internet policies to ensure content is clean, clear, and compliant. Maximize the effectiveness of e-communication by having your writing coach take employees and executives through a refresher course on the ABCs and Ps and Qs of effective electronic writing (see Part 4).
Public Relations Manager
In the event of an electronic disaster-a hacker attack that shuts down operations, a high-profile lawsuit that captures the attention of the media, the arrest of an employee accused of soliciting sex from minors via the company's Internet system-your PR manager will play an important role in keeping employees, the media, customers, shareholders, and others informed, while killing rumors. Hope for the best, but plan for the worst. Incorporate a written e-crisis communications policy into your organization's comprehensive e-policy (see Chapter 19).
Chapter 1 Recap and E-Action Plan: Planning a Risk-Free Future
E-communication and e-commerce are here, and they are here to stay. Almost all organizations, regardless of size, type, or industry,
operate e-mail systems to facilitate internal and external communication. Access to the Internet is a given in most offices. And there has been explosive growth in the number of companies that have established Web sites to dispense information and sell products and/or services. From start-up dot-coms to Fortune 500 companies, it seems as though everyone today is engaged in e-commerce and e-communication.
According to Forrester Research, business-to-business transactions over the Internet are expected to reach $1.3 trillion by 2003.' All that e-communication and e-commerce is not restricted to corporate giants. Even the smallest companies are getting into the act. A survey conducted by Bruskin-Goldring for Bank One reveals that almost half (49 percent) of small-business owners with 10 or fewer employees have Internet access. Among them, 35 percent operate their own Web sites.
With all that electronic activity comes risk. Employee use of corporate computer resources can open an organization to liability risks, jeopardize security, and waste productivity.
Fortunately, employers do not have to sit by and wait for e-disaster to strike. By assessing employees' attitudes toward and use of computer assets, establishing proper e-risk management and security procedures, buying the right cyberinsurance products, and enforcing written e-policies, employers can take big strides toward reducing electronic risks in the workplace.
No organization-public or private, for-profit or not-for-profit, international giant or regional small business-can afford to engage in electronic communication and e-commerce unprepared. The potential risks and costs are too great.
1. Marshal the combined expertise of your e-policy team, and get to work on the timely development of written e-mail, Internet, and software usage policies.
2. While developing your e-policies, review related policies that can play a significant role in e-risk reduction. If your e-risk management, e-security, e-insurance, and e-writing policies are inadequate or nonexistent, now is the time to address them.
(2255 ratings)
loading...