1

Purpose-Driven Internet & Information Technology User

Tutorial

See the “Notes Section” under this slide, and the others, for

explanations.

2

Quiz: What do you know?

T/F Personal email at work is my own, private, and is confidential.

T/F When I delete an email and attachments no record of it exists.

T/F I may use my work computer to express opinions about the company, competitors or politics in email, social media, etc.

T/F I may visit sexually explicit websites at work/offsite as long as it is during lunch, breaks, etc. or non-work hours using my company workstation, smart phone, tablet etc.

T/F If I download or install copyrighted material onto my work computer without a valid license, only the company or

organization can be held liable.

T/F There are no risks to clicking on a Web link, email, attachment or file accessible on the Internet.

3

If You Answered TRUE to Any of The Questions...

You may be in need of additional enlightenment regarding the

“Technology & Internet Usage Policy”

4

Purpose of Tutorial

To teach the appropriate use of computers and other IT Resources.

To ensure a productive, collaborative, and healthy work environment.

To realize purpose-driven Internet use using LOVE.

5

Upon Completing this TutorialYou Will…

• Understand Internet and E-Mail Policy• Identify What Hardware

and Software You Use• Recognize Unacceptable & Risky

Usage• Make Informed and responsible

decisions about using IT resources & Internet

6

What Hardware Do You Use?

• Identify Your Hardware– Personal computers, laptops, tablets, printers, wireless access

devices– Cell phones, smart phones, cell cameras/video, audio recorders – Web cameras and microphones– USB Removable Memory– Access control cards and tokens– (Note: placeholder for additional hardware ….you may want to

add)

7

What Organization-Owned and/or Licensed Software Do You Use?

• Identify Your Software– Internet access: Virtual Private Network (VPN), Public Key

Infrastructure (PKI)– CRM (customer relationship management)– Word processing, spreadsheet, presentation, database– Internal and external email– Social Media (Facebook, Twitter, YouTube, Pinterest etc)– Chat– File transfer and storage– Collaboration tools:

• Video conferencing• Electronic white boarding• Skype

8

What is acceptable Internet use?

• An organization provides computers and software to help users to perform work-related tasks more easily, productively and cost effectively to realize the stated purpose.

• These tools facilitate work-related:– Communication – Information movement and sharing– Market/product Research– Group collaboration

• They also help individuals provide higher levels of service to both external and internal customers & partners.

9

Impact of Malicious or Careless Use…Introduction of computer/network viruses

…Loss of your personal information

…Exposure to offensive content or circumstances

…Disruption to systems and operations and negatively impacting your fellow users…

…Damage to your, or organization’s reputation & image

…Competitors gaining access to intellectual property

10

Impact of Malicious or Careless Use

…Legal liability for the company and YOU

…An unprofessional, hostile or threatening work environment

…Lost productivity and revenue/profitability

11

Malicious Usage Can Result In...

• Immediate Termination of Employment

• Loss of Company Revenue

• Company going out of business

12

Did You Know … You Leave a Traceable Record?

• Every time you transmit information from your company computer, it is logged and time-stamped with information that identifies both the source and the destination.

• Every time you send a message via email, your name and company is represented in the address: somebody@CompanyName.com

13

Did You Know…You Leave a Traceable Record?

• There is a record of all on-line activity, such as:• Web surfing and all sites visited• Email and web email document content• Chat conversations• Files downloaded, uploaded etc.• Games played

• There is no anonymity or privacy when it comes to using the Internet and company IT Resources.

14

Most Organizations Monitor Usage

To protect (your company), all employees, customers, company operations and intellectual property; (the Company) monitors the use of all IT resources.

(The Company) reserves the right to monitor, access, read and delete any electronic communication along with attachments and files that are created, received or sent over it’s system by any employee.

15

(Company) Monitors Usage

• All network traffic and content is copied on backup files and can be reviewed at any time by the management of the company.

• Employees/users do not have a personal privacy right in any item created, received or sent from or to the company’s IT system.

16

Management Reports

• Email activity is regularly monitored with attention to both senders and receivers.

17

Categories of Non-Acceptable Use

• Disclosure of Confidential, Privileged and/or Private Information

• Harassment • Inappropriate Content• Copyright & Proprietary Violations• Personal Gain• Hacking & Malicious Activity• Social media-Blogging policy abuse

18

Inappropriate Disclosure

Examples of inappropriate disclosure include:• Sending, receiving, posting and/or printing and

distributing confidential, proprietary, privileged and private information.

• Making inappropriate claims (such as “guaranteed return on your investment”) inside or outside the company.

19

Inappropriate Disclosure (Cont’d.)

• Sending or posting messages or material that:• could damage the image or reputation of the

company or its officers.• disparage or slander another company’s

employees, products or services.• could legally or competitively expose the

company.• Passing off personal views as representing

those of the Company.

20

Harassment

• The company’s policy against sexual or other harassment applies fully to all IT tools and resources.

• This includes displaying, transmitting, posting and/or printing off and distributing messages, images, videos, jokes, cartoons, etc., that could reasonably offend someone on the basis of:• Race• Sex• Age• Religious or political beliefs• National origin• Disability• Sexual orientation

• Sending or printing off and distributing anonymous emails or spam is unacceptable.

21

Inappropriate Content

Examples of inappropriate content include:• Accessing as well as participating in the viewing

of obscene or offensive sites (pornography, violent or hate-related images, etc.) via websites, chat rooms, newsgroups, email lists, etc.

• Transmitting or printing off and distributing pornographic or obscene materials.• If someone is “offended” = legal harassment!

22

Intellectual Property, Confidential Information & Copyright Violations• Intellectual property is any product of the human intellect

that is unique and has some value in the marketplace. • Examples include:

– Ideas and inventions– Literary or visual creations– Unique names– Business methods or industrial processes– Chemical formulas– Computer programs– Presentations

• Sending company intellectual property or other proprietary information to unauthorized persons or companies or to competitors is unacceptable.

23

Intellectual Property, Confidential Information (Cont’d.)• Confidential information includes company data,

customer records & any data meant to be private• It is also unacceptable to download, purposely

receive or copy illegally obtained copyrighted or protected works from the Internet, from home, or over the network. Examples include:– Software– Music– Videos– Images– Text

• Installing or copying software onto your computer without prior authorization and proper licensing by IT.

24

Personal Ventures

Examples of personal ventures include:• Soliciting outside business ventures.• Promoting causes not authorized or approved by

the company.• Sending or posting chain letters, solicitations or

advertisements not related to business purposes.• Promoting political or religious causes or activities.• Gambling.• Using company IT systems and resources for

personal purposes.

25

Hacking & Malicious Activity

Examples of hacking and malicious activity include:• Breaking into the computer system of another

organization or person.• Accessing secure areas of the company system that you

are not authorized to use.• Jeopardizing the security or operation of the company’s

electronic communications system.• Knowingly transmitting viruses, malicious code or spam.• Intentionally destroying or modifying network files,

configurations, passwords, or logins.• Accessing another person’s computer physically.• Accessing or printing information without authorization.• Intentionally intercepting or sniffing information from the

corporate IT resources network.

26

Think before you click

The Five Worst Security Mistakes End Users Make– Failing to install anti-virus, keep its signatures up to date, and

apply it to all files.

– Opening unsolicited e-mail attachments without verifying their source and checking their content first, or downloading and executing software, add-ons or other unauthorized programs without IT knowledge or approval.

– Failing to install security patches.

– Sharing log-on information with other users.

– Ignoring company’ security policies & procedures.

27

What Is Non-Business “Acceptable”?

• This will serve as a placeholder for an organization to insert any “approved” usage.

• Ideally, all business and non-business Internet activity will be goal-oriented and well-defined.

28

Consequences of Non-Acceptable Use

• Employees that deliberately violate (Company’s) Internet & Electronic Mail Policy may be subject to disciplinary action up to and including discharge.

• Employees may also be held personally liable for violations of this policy (such as penalties for copyright infringement.)

29

(Company’s) Internet & Electronic Mail Policy

(COMPANY NAME) INTERNET AND ELECTRONIC MAIL POLICY

Company Name (or the “Company”), as part of its computer network, provides access for employees to an electronic mail (“e-mail”) network and limited access to the Internet. The Company has adopted the following policy with regard to access to and disclosure of e-mail messages sent to or received by Company employees, as well as access to the Internet…(cont’d.)

30

Next Steps (for paper policy provided in classroom)

• Carefully review the Internet and Electronic Mail Policy.

• Direct any questions to (name of internal resource) at (provide email and/or telephone extension.)

• Indicate that you have read and understand the policy by signing where indicated (or if electronic signature capability is present, utilize this technology.)

• Return the signed policy to (name of internal resource.)

• The policy can also be found at (web link provided here.)

31

Thank You…

…for helping to create a productive, collaborative and healthy work

environment at (Company) through effective use of computers and other IT

resources.

Go the next slide to complete tutorialmailto:compliance@company.com?Subject=Policy%20Training%20Tutorial%20Completed&Body=I%20acknowledge%20that%20I%20have%20received%20the%20Company

%20Internet%20and%20Electronic%20Mail%20Policy%2C%20have%20reviewed%20it%2C%20and%20have%20had%20any%20questions%20explained.%20%20I%20understand%20that%20I%20must%20comply%20with%20the%20Policy%20and%20that%20my%20failure%20to%20comply%20may%20result%20in%20cancellation%20of%20my%20privilege%20of%20use%2C%20appropriate%20disciplinary%20action%20and%20action%20by%20law%20enforcement

%20authorities.%20Sending%20this%20Email%20indicates%20your%20agreement.%0D%0A%0D%0A

32

Acknowledgement

• I acknowledge that I have received the Company's Internet and Electronic Mail Policy, have reviewed it, and have had any questions explained. I understand that I must comply with the Policy and that my failure to comply may result in cancellation of my privilege of use, appropriate disciplinary action and action by law enforcement authorities.

• Employees must agree: “I have reviewed and understand the company Internet usage policy and understand the consequences for non-compliance…”