New YouGov research for Amazon has found that nearly one in four UK SME retailers (23%) is...
Using software legally doesn't only protect you against the risk of legal action. It also helps you avoid wasting money on unnecessary software and reduces the risks of IT security problems.
You need an organised approach to acquiring and managing software. Make sure all your employees understand your policy and why it is important.
1. Software risks
Software can pose a number of risks to your company.
Illegal software can be a source of viruses, malware and other security problems
- Software downloaded from the internet can carry viruses - particularly if it has come from a disreputable source.
- Illegal software may also contain spyware or Trojans which may allow hackers to break into your computers and steal data.
- Peer-to-peer file sharing software is the source of many virus infections. It's wise to block use of peer-to-peer applications on your business systems.
Using illegal software can leave you open to prosecution
- Penalties for software piracy include an unlimited fine, or even a prison sentence.
It's easy to end up spending too much, or too little
- Purchasing software can involve confusing licensing agreements and terms and conditions.
- Most software packages permit a certain number of people to use them in your business. If you exceed this limit, you are breaking the law.
- A good IT supplier can help understand how best to buy the software you need.
2. Legal basics
There are two main types of software you may use in your business
- Desktop software is traditional software that you buy and install on your computer. Typically, you pay a one-off fee to use it, although an increasing number of packages are available on monthly subscriptions.
- Cloud software is accessed over the internet. You pay a regular fee (usually monthly) to use it. Cloud software is often referred to as 'software as a service' (SaaS), hosted software, or hosted applications.
When you 'buy' software you usually purchase a licence
- This sets out exactly how you can use the desktop or cloud software.
- You will usually be shown the software licence and required to agree it before you can open the software for the first time.
- Licence agreements are long and usually written in legalese, which means they can be tricky to understand.
- The licence will specify how many copies you can make (and use) or how many users can access the cloud service.
- Some licences place restrictions on who may use the software, and for what purposes. Some software is provided free, or at a reduced price, for academic or personal use only.
Breaching the licence is software piracy
Typical breaches include:
- making or selling illegal copies;
- using illegal copies of software, even unknowingly;
- using legally acquired software on more computers than the licence allows;
- allowing employees, or other contacts, to make unlicensed copies of software;
- allowing a consultant to install software on your system when you do not have a licence for it.
Software piracy is a criminal offence
- You risk up to ten years in jail, or an unlimited fine.
Software publishers may sue you for piracy
- You can be sued for any improper use of their intellectual property.
- Damages can run to tens of thousands of pounds. They are normally linked to the amount of money lost, which depends on the number of illegal copies and the length of time they have been in use.
- You also face the possibility of the expense and disruption of legal action, regardless of whether you have to go to court.
It can be easier than you think to be caught
- Software often has piracy detection built in. Although this may not report you, it may disable key features in the software.
- The software publishers' trade association, the Business Software Alliance (BSA), offers rewards for information on the illegal use of software.
- Disgruntled employees or ex-employees may report you.
- Any consultant or company you use to support your IT system is likely to discover illegal software.
Open source software
Open source software offers an alternative to commercial packages. It is developed by a large community of computer programmers and offered to download free of charge.
Open source software seems an attractive option because it is free
- Anyone can download and use open source software, without payment.
- Some companies sell support services for open source software, so you can get help if things go wrong.
Open source packages offer similar functions to commercial software
- Many open source applications are built to a very high standard.
- Open source software does not come with any guarantees of quality.
- There are still licence agreements you must comply with.
3. Consolidating your software
It's a good idea to organise your business software so you know what you have and whether it meets your requirements.
Identify the software you already have, and any you may need
- This information should be entered on a software register listing your software assets.
- Inventory software may be helpful. This automatically creates a list of all software installed across the computers on your network.
Allocate software to individual employees, according to their particular needs
Arrange appropriate training in the use of the software
- There is no point buying expensive software and then not training employees in its use.
Authorise all software purchases and installations
- Central purchasing may reduce costs, and will make it easier to track software.
Upgrade software when necessary
- You may need to manage regular updates (to fix bugs or security issues) and decide whether to upgrade when a new version of the software is released.
4. Acquiring software
Being careful about how you buy and install software is essential if you want to be sure it is legitimate.
Only buy software from reputable sources
- This will be a trustworthy dealer, or partner outlet recognised by the software publisher.
- If in doubt, make further checks or buy the software elsewhere.
- Be particularly wary of software sold online that looks suspiciously cheap. It is likely to be illegal.
Carry out some basic checks to make sure the software is legitimate
- Software packages should typically contain a licence document with a serial number.
- If you are buying multiple copies of software for use on a number of computers, you may only receive one licence document. Manuals for pre-installed software are often supplied electronically.
- Check the packaging. Poor quality labels and photocopied documents are often signs of pirated material.
- If you are still unsure, check the licence number with the software publisher, preferably before you buy.
Make sure someone in your business is responsible for managing your software
Their role should include approving the purchase or installation of any software, including:
- Free software or software that can be downloaded from the internet.
- Software upgrades.
- Installation on additional computers of software you already use.
- Employees' personal software for their own use. You can set your computers up so employees are unable to install additional software without registration.
5. The software register
A software register is the simplest way of keeping tabs on the software you are using, helping you to control purchases and upgrades.
Create an inventory of software in your business
- Record the product name, version number and serial number for every software package on every computer.
- Note down the same details for software you have not yet installed.
- If you own licences which allow you to use multiple copies of a piece of software, record how many copies are installed, and on which computers.
- Include details of any software pre-installed on computers you have bought.
- Keep all the information secure.
- You can get software that helps automatically create and update your software register. For instance, Spiceworks.
Identify and correct any problems
- Uninstall copies of unlicensed software, or purchase the necessary licences.
- If you are using too many copies of licensed software, you may need to buy more licences.
- If any computers have unnecessary or unauthorised software installed, uninstall it. This will release disk space and can improve your system's performance.
- Upgrade out-dated software so all users have the same version.
Routinely update your software register
- Amend the register whenever you purchase or install new software.
- Conduct an audit of the software on each computer at least once a year.
- Undertake intermittent spot-checks if you suspect any problems.
Store original software and documentation securely
- This should include any original software CDs or DVDs, manuals, licence documents and invoice details.
- If you cannot find all the relevant information, you may want to contact the software publisher to check your software is legitimate.
- File manuals and documentation properly so you can find them easily.
- When you buy software, it often comes in the form of a download link, rather than a physical disc. Make sure you store these download details somewhere safe.
6. Making it work
Make sure all your employees understand your company's policy on software use
- Create a policy that explains what is and is not acceptable, or include this information in your existing IT policy.
- Consider referring to this policy in your statement of employment terms.
- Regularly remind employees of the rules, particularly when breaches are suspected.
- Encourage employees to tell you if they think they may have dubious software, or if they have any other concerns.
Rigorously enforce your software rules
- Make following your software policy a disciplinary requirement. The more effort you put into enforcing your policy and making sure employees know the use of illegal software is not acceptable, the less vulnerable you will be.
- Showing that you made all reasonable efforts to prevent unauthorised use of software helps protect you against legal claims if an employee breaches the policy.
Make your software policy part of a wider IT policy
A policy designed to safeguard the security of your systems and data and protect you against a range of legal risks should:
- state what you consider to be acceptable and unacceptable use of your IT system;
- set out who is responsible for administering and repairing systems and enforcing your policy;
- regulate internet and email use and control company social media accounts;
- protect your intellectual property rights.
"Many UK companies are either woefully underlicensed and exposing themselves to legal action, or they are over-licensed. We estimate that 41% of companies fall into this category and as a result are wasting money." - Andy Pearce, FAST Ltd