Technology is constantly developing and influencing our business. Most of us will use technology as part of our job role and will benefit from it making our lives a little easier and improving the service we’re able to provide our colleagues, members and customers alike.
However, like every organisation, we’re often subject to attempts to compromise our systems. These attempts can happen when we’re doing things as simple as browsing the internet or opening an email. This policy seeks to prevent any unauthorised use of our systems, data theft and system corruption, as well as any criminal or other liability for you and our co-op.
What are the really important things not to do?
Please ensure you do not use our network, resources or equipment to do the following:
- Download software or data (if you need to do this, you must seek prior authorisation from IT Services).
- Display, access, store or distribute any kind of inappropriate material which contravenes any of our policies (including, but not limited to, Inclusion and Diversity).
- Transmit abusive, profane or offensive language.
- Propagate any virus, worm, Trojan horse or Trap Door programme code, Malware or any other potentially malicious software.
- Disable or adversely affect any computer system network, or to circumvent any system intended to protect the privacy or security of another user.
You should also never:
- Release confidential information about our co-op, customer data or trade secrets.
- Upload any software licensed to our co-op, or data owned or otherwise licensed by us, without prior authorisation from the Head of IT Services.
- Share your individual user ID and password log-in details with anyone else (or use another colleague’s details) without the prior authorisation of a Chief Officer.
- Open any attachments unless they are expected, of known content or are from a known source.
- Attempt to disable or circumvent any IT facility (e.g. internet firewalls) which ensures the safety and security of our IT and communications networks.
- Use a company device to playback or stream TV programmes (due to TV licencing laws).
What should I be aware of in terms of copyright and data ownership?
- Any files or software downloaded via the internet onto our network becomes our property, so must be used in ways which are consistent with our licences and / or copyrights.
- We retain the copyright to any material posted to any forum, newsgroup, chat or webpage by any colleague in the course of their duties.
- If you have internet access, you should take particular care to understand copyright and libel laws. This helps to ensure our use of the internet does not violate any laws which might be enforceable against our co-op. You can read more about Copyright and Intellectual Property throughout this section.
Will you monitor my activity?
It’s important for you to know that our systems record all users’ email messages (sent or received) and an internet history is also stored. Files and messages that are deleted are still retrievable by us for a period of time. Our firewall and IT security systems record file transfers on our network, as well as restricting incoming and outbound messages as part of safeguarding procedures.
We may access, monitor, analyse and / or keep records of communications and your use of IT (at any time and without notice) to generally monitor your compliance with this policy, as well as to:
- Detect and / or prevent crime.
- Ascertain whether ‘we’ (our co-op and you, as an individual) are complying with our rules and policies, as well as any legal and / or regulatory obligations.
- Ascertain whether you have been using the email system to send and receive an excessive number of personal communications.
- Ascertain and / or demonstrate whether we are attaining appropriate standards of customer service.
- Carry out maintenance and to monitor for viruses and / or any other programme which has contaminating or destructive properties.
- Investigate or detect unauthorised use of IT resources.
Therefore, you shouldn’t have any expectations of privacy in relation to your usage of our network, resources or equipment. We still take your individual privacy seriously so, whilst we do need to have monitoring in place to safeguard our IT and communications systems, appropriate controls are in place to ensure that access to individual communications is only undertaken in circumstances necessary to protect our legitimate interests.
Will my emails be accessed when I’m away from work?
If you’ve got some time off planned (e.g. holiday), you can arrange to put steps in place, such as email forwarding or an ‘out of office’ message. However, there are occasions where we will need to access work-related messages when someone is away from the business. Whilst our email system is primarily for business use, we recognise that colleagues may occasionally send or receive personal emails from their work account. To help us tell the difference, if we do ever need to access your emails, you should clearly mark any personal emails as such (and encourage the sender to do the same). We’ll avoid, wherever possible, opening emails clearly marked as personal or private, unless this is necessary as part of an investigation into a suspected breach of policy.
Are there any particular standards I need to keep in mind when using email or other collaboration / messaging tools (e.g. Microsoft Teams)?
In this digital age, these communication tools are used to relay formal and informal messages and information. You’ll have a good idea what’s appropriate considering your relationship with the other person involved, and we’d ask you to remember the following too:
- You’re representing our co-op when replying to email or other messages, so please maintain the same high standards as you would with other forms of communication.
- Emails and messages are quick to send but are often permanent. They may also be read by someone other than who you addressed it to.
- You should never use email or other communication tools to send messages / content which are defamatory, obscene or otherwise inappropriate. If you receive any such content, don’t forward it on and notify your line manager immediately.
- Avoid including any statements which criticise our competitors, whether that be about their product, service offering, colleagues or suppliers.
- Sometimes messages can be read in different ways. You should consider whether the language or tone could be misinterpreted (as offensive or aggressive, for example) by the recipient or any other third party who the email may be forwarded on to.
- Adhere to our Dignity at Work policy.
What should I do if I receive a suspicious email?
False emails claiming to be from known or unknown senders pose the biggest risk to modern IT. ‘Phishing’ emails can carry malware such as ransomware, which will freeze all company systems until a ransom is paid. Therefore, it’s essential that all users question all unexpected emails and do not click on links in emails which seem suspicious. If you’re unsure of an email and you know the sender, check with them that it is legitimate. If the sender is unknown, or you’re otherwise unsure, either delete the email or contact IT Services for further advice.
Is there anything else I need to know about using the internet, in particular?
Whilst our systems are for business-use only, incidental, limited personal use is okay, as long as it doesn’t interfere with your performance of your job role. We reserve the right to monitor colleague’s internet usage and consider the following as valid reasons why this would be appropriate:
- If we suspect that a colleague has accessed, viewed, downloaded, transmitted or possessed any material which is inappropriate to / in a professional workplace. Examples of this might be pornographic, sexually explicit, illegal or offensive content.
- If we have concerns that a colleague has been spending an unacceptable amount of time viewing websites which are not work-related.
- If we suspect a colleague has downloaded copyright protected material from the internet.
- If we have concerns that a colleague has used our internet facilities to download music, entertainment software, etc. or to play games or to gamble.
- If a colleague has downloaded software without the prior agreement of our IT Services team.
- If we are investigating a security breach or virus.
We’ve got software in place which identifies, and blocks access to, inappropriate or sexually explicit websites. If you inadvertently access any such website / material, you should immediately disconnect and notify IT Services.
I’ve been provided with a work mobile phone as part of my job. What do I need to know?
If we provide you with a mobile phone, you may use this for limited personal reasons (i.e. phone calls, text messages) without having to reimburse us for the cost of doing so. We may monitor telephone statements to ensure this isn’t being abused, as well as to check it isn’t being used for inappropriate reasons. There is no taxable benefit to providing colleagues free use of work-provided phones and therefore no income tax liability arises for either the colleague or our co-op.
Can I use my personal mobile phone or device at work?
Yes, you can. We recognise that for many of our colleagues, mobile phones are closely integrated with both their personal and working lives, where mobile phones may be used for authentication, training, colleague updates and interacting with the Loop etc. We trust our colleagues to make appropriate judgements about when it is and is not appropriate to be using a mobile phone when at work.
Our colleagues should also be aware that they are responsible for the safekeeping and security of their personal mobile phone at work. For guidance on keeping your personal belongings safe, please refer to our Personal Belongings policy.
If you choose to use your own phone or personal device to playback downloaded or stream live TV programmes etc whilst on your break, you are personally responsible for ensuring you maintain an active and valid TV licence.
Can I use my own personal device to access work systems?
Certain colleagues may use their own personal device (such as smartphones, laptops, and tablets) for accessing systems at work. Before accessing business, systems or data using personal devices, you should seek approval from IT Services or your line manager. If agreed, you are responsible for the security of this data and ensuring this remains confidential (including data held on web apps such as Trello and Evernote). Any actual or potential data leak or security breach (such as loss or theft of the device) must be notified to the Head of IT Services immediately. You must not download any personal, sensitive information or business confidential information from our business systems onto a personal device. All company data held on personal devices should be destroyed in line with the Company’s data retention/destruction policies; and in any event destroyed immediately when you cease to be an employee of the business.
How should I connect my own personal device to work systems?
Any personal devices used at work or for work purposes should be connected using public Wi-Fi and must not be physically connected (e.g. by wire, Bluetooth or similar mechanism) to the corporate network without prior consent of the Head of IT Services in alignment with our IT Security policies.