Founding father Benjamin Franklin once said that time is money, and all too often, small and mid-sized businesses are learning the hard way how employees really spend their time during work hours. IDC research estimates that 30 to 40 percent of employees' Internet activity is not business-related, which translates into millions of dollars in lost productivity every year. But this does not include the dollars businesses spend on legal counsel for harassment claims and copyright infringement violations that derive from inappropriate employee Internet use.

At first glance, it may appear that prohibiting employees from accessing the Internet while at work is the best solution. However, a total ban is both impractical and bad for business because Internet access is a critical component for key business functions like payroll management and online banking. History also tells us that prohibition can often lead people to engage in the 'banned' behavior more often and in secrecy.

Rather than simply eliminate Internet use, the key for any business is to create a balance that not only increases employee productivity, but also protects businesses from outside threats. This type of balance often comes in the form of an acceptable use policy (AUP) in combination with Internet monitoring and filtering software.

The AUP is the first step in the process, outlining rules on how employees can use the Internet while at work and the consequences for breaking these rules. Internet monitoring and filtering software tracks network traffic and reports or blocks any violations, increasing both network security and employee productivity. For the purposes of this discussion, we will focus specifically on the AUP and how to craft a policy that is both reasonable and effective.  

However, before you grab your pen (I suggest pencil) to create an AUP, you should be aware of the key elements. The process of writing an AUP should be approached with the same amount of research, precision, and attention to detail as any other business plan developed by the company. Remember, the objective of any such policy is to be as granular as possible, eliminating the possibility of any ambiguity that can set the stage for confusion in the event that a problem does arise.

What to consider when creating an AUP

To surf or not to surf

One of the most tangible benefits of an AUP is minimizing excessive Internet use not related to business activities. It's estimated that nearly a third of workers surf the Internet with no specific objective. Through an AUP, employers can specify how much time, and for what purposes employees should spend on the Internet.

In the age of blogs, webcasts, and Wikipedia, workers are not entirely to blame for the increasing reliance on the Internet, but making an effective and positive use of business resources probably does not include sending instant messages to friends, downloading music, or streaming the latest episode of American Idol. Recreational activities like these can significantly impact network performance and impede actual business-related activities.

Hidden dangers

The Web is a great tool for attracting new clients, conducting research and other knowledge building tasks, but it also poses a serious threat to a company's networking equipment and software. Many companies can testify to the damage that a simple click of a mouse can do, including transmitting viruses and putting sensitive company information into the wrong hands. An efficient AUP will answer questions that employees have regarding potential Web threats.  Employers can avoid costly security threats by promoting awareness and responsible Internet use.

Rules of engagement

Employees no longer have to engage in insider trading or a lavish financial scheme to tarnish their employer's good name. A simple blog post or a visit to an X-rated site can lead to lawsuits, harassment charges, and even criminal prosecution. An AUP should discourage and define any and all actions that pose potential liability for the company. All too often, companies are forced to dismiss employees or withstand adverse publicity in the face of serious employee missteps when policies are not clearly stated and enforced. 

Violators will be prosecuted

Arguably the most important elements of any AUP are not only its clarification of company policy regarding employee Internet use, but also the consequences of any violation and an explanation of how the company will detect such a violation. Employees should be aware of expected privacy on email and advised if Internet use is monitored in advance. This level of clarity will aid in the overall effectiveness of any AUP.

Ready. Set. Write.

While creating an AUP may seem like a daunting task (given the steady flow of technological innovations), it does not have to be. Make it a team event and engage employees from various departments in the company. First and foremost, an AUP should be clear and concise. Reading actual AUP documents of other organizations can offer guidance in determining what you should (and should not) incorporate.

Also, remember to keep it simple. Avoid using overly technical terms or vague generalities. Ultimately, an AUP should be presented so as to instruct, not intimidate, users.

Lisa Metcalfe is a Regional Practice Leader in the Technology Leadership Practice of Tatum LLC. Tatum is the nation's largest executive services firm, providing financial and technology leadership nationwide.