It's essential that your business only uses legal and licensed copies of software. As well as keeping you on the right side of the law, using the latest version of software provides the best protection from IT security threats.
As a business, you need an organised approach to acquiring and managing software. It’s critical that all employees understand your policy and why it is important.
1. Software risks
Illegal or unsecure software can pose a signifcant risks to your company.
Illegal software can be a source of viruses, malware and other security problems
- Software downloaded from the internet can carry viruses - particularly if it has come from a disreputable source.
- Peer-to-peer file sharing software is the source of many virus infections. It's wise to block the use of peer-to-peer applications on your business systems.
- Advise all staff that downloading and installing illegal or pirated copies of software is a violation of your internet policies.
Using illegal software can leave you open to prosecution
- Penalties for software piracy include an unlimited fine, or even a prison sentence.
It's easy to end up spending too much, or too little
- The software you purchase is covered by a license agreement with specific terms and conditions that you must adhere to.
- Most software packages permit a certain number of people to use them in your business. If you exceed this limit, you are breaking the law.
- A good IT supplier can help understand how best to buy the software you need and most efficiently use the licenses you have.
2. Legal basics
There are two main types of software you may use in your business
- Desktop software is software that you buy and install on your computer. Typically, you pay a one-off fee to use it, although an increasing number of packages are available through monthly subscription packages.
- Cloud software is accessed over the internet. You pay a regular fee or subscription (usually monthly) to use it. Cloud software is often referred to as 'software as a service' (SaaS), hosted software, or hosted applications.
When you 'buy' software you usually purchase a licence
- This sets out precisely how you can use the desktop or cloud software.
- You will usually be required to view and accept the software licence before you use the package for the first time.
- Licence agreements are long and usually written in legalese, which means they can be tricky to understand.
- The licence will specify how many copies you can make (and use) or how many users can access the cloud service.
- Some licences place restrictions on who may use the software, and for what purposes. Some software is provided free, or at a reduced price, for academic or personal use only.
Breaching the licence is software piracy
Typical breaches include:
- making or selling illegal copies;
- using illegal copies of software, even unknowingly;
- using legally acquired software on more computers than the licence allows;
- allowing employees, or other contacts, to make unlicensed copies of software;
- allowing a consultant to install software on your system when you do not have a licence for it.
Software piracy is a criminal offence
- You risk up to ten years in jail, or an unlimited fine.
Software publishers may sue you for piracy
- You can be sued for any improper use of their intellectual property.
- Damages can run to tens of thousands of pounds. They are normally linked to the amount of money lost, which depends on the number of illegal copies and the length of time they have been in use.
- You also face the possibility of the expense and disruption of legal action, regardless of whether you go to court or not.
It can be easier than you think to be caught
- Software often has piracy detection built in. Although this may not report you to the vendor, it may disable key features in the software.
- The software publishers' trade association, the Business Software Alliance (BSA), offers rewards for information on the illegal use of software.
- Disgruntled employees or ex-employees may report you if you are using software illegally.
- Any consultant or company you use to support your IT system is likely to discover illegal software usage or breaches of your licence.
Open source software
Open source software offers an alternative to commercial packages. It is developed by a large community of computer programmers and can be downloaded and use free of charge.
Open source software is attractive for businesses because it is free
- Anyone can download and use open source software, without payment.
- You don’t need to pay to download the software or any ongoing monthly costs.
- Some companies sell support services for open source software, so you can get help if things go wrong.
Open source packages offer similar functions to commercial software
- Many open source applications are built to a very high standard.
- Open source software does not come with any guarantees of quality.
- There are still licence agreements you must comply with.
- You may experience compatibility issues when sharing files with people who use other software packages, including Microsoft Office.
3. Consolidating your software
You should organise and review the software your business uses. You can assess whether the software you currently use and pay for is fit for purpose, or whether there are cheaper or better alternatives.
Identify the software you already have, and any you may need
- This information should be entered on a software register listing your software assets.
- Inventory software may be helpful in creating a record. This automatically creates a list of all software installed across the computers on your network.
Allocate software to individual employees, according to their specific needs
Arrange appropriate training in how to use the software
- There is no point buying expensive software and then not training employees in its use.
Authorise all software purchases and installations
- Central purchasing may reduce costs, and will make it easier to track software and ensure you adhere to the licence agreements.
Upgrade software when necessary
- To ensure software is secure and protected from online threats, you will need to regularly update your software. These updates will fix any bugs or issues that could be exploited by hackers.
- If you are using cloud software, in most cases you will find your software is automatically updated to the latest version as part of your agreement. If you purchase standalone software, you will need to decide whether investing in a new package is worth it based on your current usage.
4. Buying software
You should be careful when purchasing software to ensure you're buying legitimate versions of all programmes.
Only buy software from reputable sources
- Buy from an official reseller, a trustworthy dealer, or partner outlet recognised by the software publisher.
- If in doubt, make further checks or buy the software elsewhere.
- Be particularly wary of software sold online that looks suspiciously cheap. It is likely to be illegal.
Carry out some basic checks to make sure the software is legitimate
- Software packages should typically contain a licence document with a serial number.
- If you are buying multiple copies of software for use on several computers, you may only receive one licence document that covers all users. Manuals for pre-installed software are often supplied electronically.
- Check the packaging. Poor quality labels and photocopied documents are often signs of pirated material.
- If you are still unsure, check the licence number with the software publisher, preferably before you buy.
Make sure someone in your business is responsible for managing your software
Their role should include approving the purchase or installation of any software, including:
- Free software or software that can be downloaded from the internet.
- Software upgrades.
- Installation on additional computers of software you already use.
- Employees' personal software for their own use. You can configure computers so that employees are unable to install additional software without approval.
5. The software register
A software register is the simplest way of keeping tabs on the software you are using, helping you to control purchases and manage essential upgrades.
Create an inventory of software in your business
- Record the product name, version number and serial number for every software package on every computer in your business.
- Note down the same details for software you have not yet installed.
- If you own licences which allow you to use multiple copies of a piece of software, record how many copies are installed, and on which computers.
- Include details of any software pre-installed on computers you have bought.
- Keep all the information secure and in a safe place. You may be asked to produce it as part of a software audit.
- You can get software that helps automatically create and update your software register. For instance, Spiceworks.
Identify and correct any issues you have identified
- Uninstall copies of unlicensed software, or purchase the necessary licences.
- If you are using too many copies of licensed software, you may need to buy more licences.
- If any computers have unnecessary or unauthorised software installed, uninstall it. This will release disk space and can improve your system's performance.
- Upgrade old and unsupported software so all users have the same version.
Routinely update your software register
- Amend the register whenever you purchase or install new software.
- Conduct an audit of the software installed on each computer at least once a year.
- Undertake intermittent spot-checks if you suspect that there are any issues.
Store original software and documentation securely
- This should include any original software CDs or DVDs, manuals, licence documents and invoice details.
- If you cannot find all the relevant information, you can contact the software publisher to check your software is legitimate.
- File manuals and documentation properly so you can find them easily if required.
- When you buy software, it often comes in the form of a download link, rather than a physical disc. Make sure you store these download details somewhere safe.
6. Making it work
Make sure all your employees understand your company's policy on software use
- Create a dedicated company software policy that explains what is and is not acceptable, or include this information in your existing IT policy.
- Consider referring to this policy in your statement of employment terms.
- Regularly remind employees of the rules, particularly when breaches are suspected.
- Encourage employees to tell you if they think they may have dubious software, or if they have any other concerns about downloaded material.
Rigorously enforce your software rules
- Make adhering to your software policy a disciplinary requirement. The more effort you put into enforcing your policy and making sure employees know the use of illegal software is not acceptable, the less vulnerable you will be.
- Showing that you made all reasonable efforts to prevent unauthorised use of software helps protect you against legal claims if an employee breaches the policy.
Make your software policy part of a wider IT policy
A policy designed to safeguard the security of your systems and data and protect you against a range of legal risks should:
- state what you consider to be acceptable and unacceptable use of your IT system;
- set out who is responsible for administering and repairing systems and enforcing your policy;
- regulate internet and email use and control company social media accounts;
- protect your intellectual property rights.
Signpost
- Find software asset management tools and resources from the Business Software Alliance.
- Read guidance on how to check software is genuine from Microsoft.
- Find guidance on IT security from Get Safe Online.
Expert quote
"Many UK companies are either woefully underlicensed and exposing themselves to legal action, or they are over-licensed. We estimate that 41% of companies fall into this category and as a result are wasting money." - Andy Pearce, FAST Ltd
Browse topics: Data protection and IT