What Should Be Included in an Acceptable Use Policy?

 

Every business should have an acceptable use policy so that employees know what the permitted uses of company computers and networks are. Without a clear policy, they don’t know what’s allowed or not. The results can include overuse of resources, bad security practices, and friction between managers and employees. Everyone should understand where the boundaries are.

General restrictions

Certain activities should always be prohibited. They include:

  • Illegal activities, including fraud, threats, and harassment.

  • Spamming by email or any other channel.

  • Making unauthorized representations on behalf of the employer.

  • Circumventing device and network security.

  • Introducing malicious software, such as spyware, worms, and ransomware.

  • Disclosing confidential information, except as permitted in one’s job.

  • Revealing account passwords to anyone else.

  • Actions prohibited by company policies.

Software policies

A company should carefully consider whether and to what extent employees will be allowed to install software. Giving them blanket permission to install software on their assigned machines opens up security risks. A common approach is to allow only authorized IT people to install software on employees’ machines.

BYOD and telecommuting policies

The policy should specify whether employees may use their own devices on the company network. This includes telecommuting as well as smartphones and tablets.

If employees can use personal mobile devices on the network, the AUP needs to specify what security measures are required. This may include installing company-mandated software to separate business and personal use. The policy needs to make it clear that any monitoring applies only to the business side of employee-owned devices and personal use is private.

If the policy allows telecommuting, it should require the use of a VPN and protection of the account associated with it.

Social media and time sinks

The company’s policy on using social media, watching videos, and other potentially time-wasting activities will depend on the business culture and the network’s ability to absorb the bandwidth. Some companies need to be very strict, prohibiting nearly all non-business use. Others will trust their employees not to abuse their privileges.

A policy shouldn’t be so strict that it interferes with necessary work activities. A blanket prohibition on watching video could interfere with work-related education and research. A strict policy should allow usage for purposes that are part of doing one’s job. A few companies have such stringent security requirements that they have to prohibit all nonessential activity; they’re a special case which is beyond the scope of this article.

At the other end, there should always be rules to limit clearly excessive usage. Even a lenient policy should state that social media use is acceptable only if it doesn’t interfere with the employee’s work duties, isn’t detrimental to the employer, and doesn’t involve unauthorized claims to speak for the employer. The company’s policies on trademarks, harassment, discrimination, and so on should be incorporated by reference.

Enforcement

The policy needs to explain how it will be enforced. There are several points it needs to cover.

  • If user activity is monitored, even just occasionally, the AUP needs to say so. If some areas, such as the content of email, are protected from monitoring, it should say that also. Making this point clear protects the employer from ill will and possibly from legal action.

  • The consequences should be made clear with a phrase such as “up to and including termination.”

  • The policy should explain the procedures in case of a suspected violation. The employee should have an opportunity to answer charges of misuse.

The SANS Institute has published an acceptable use policy template, which businesses may freely adapt for their own use. Each business has to consider its own needs and make whatever changes are necessary to fit them.

Please contact us if you need more information or help.

10 Computers72x72 highlight310 50 Computers72x7250 100 Computers72x72100 Computers72x72

Frequently Asked Questions

Here are some common questions that we hear from companies your size.

White Mountain IT

Related Posts

Insurance Companies Are Asking My Business About Its Cybersecurity. What’s the Deal?

You might have noticed that business insurance companies are starting to show an interest in how you are protecting your technology and data. If your org has been in touch with your insurance provider regarding modifying or renewing your business insurance, you were likely handed a lengthy questionnaire about your cybersecurity. Let’s take a look together to help you make informed decisions on how...

Why You Need a Custom IT Strategy for Your Business

Alignment with Your Business Objectives A custom IT strategy ensures that technology investments and initiatives are aligned with the organization's overall business objectives. It helps IT departments prioritize projects that directly contribute to the company's success. Many of these decisions are based around the acquisition and support of technology and how it aligns to help them achieve thei...

Four Technologies You Can Use to Better Protect Your Data in Transit

Encryption Implementing strong encryption protocols works to secure data during transmission. From a technical point of view: SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols are commonly used to encrypt communication between a user's browser and a website. This added encryption ensures that any information exchanged is secure and cannot be easily intercepted by people looking to...

Securing Your Wireless Network

Alter the Security Information on Your Router As with any account that is protected by a password, you will want to ensure that your router?s login information is changed to something much more secure than the default configuration that comes with the device. This is because any default credentials for router models can be found online and can easily be accessed by anyone that can use a Google se...

Sound Familiar?

Here are some of the most common complaints we hear from businesses that aren’t satisfied with their IT vendor and want to switch to White Mountain.

There is a Better Way!

Give White Mountain IT a Call Today

BOOK A CALL

Onsite Service Coverage

From Concord NH to Boston

Although we provide remote services and support to businesses in over 20 states, onsite services are limited to within reasonable driving distance from our offices in NH. If needed, we will manage a local vendor for locations outside of our service area to provide onsite assistance when needed.

Onsite Computer Support Services are available to businesses within 60 miles of Nashua New Hampshire. We have excellent onsite coverage from Concord NH, south through Manchester NH, and then down into Boston. From Northern and Central Mass, we cover from Worcester, east to the North Shore, including the Salem NH and Portsmouth NH area.

Need an Onsite Visit?

We've Got You Covered!

ONSITE COVERAGE
Serving Southern New Hampshire
and Northern Massachusetts
Manchester:

121 Riverfront Drive
Manchester NH 03102

Nashua:

33 Main Street
Suite 302
Nashua NH 03064

Client Help Desk        603-889-2210

New Client Inquiries   603-889-0800

OPEN POSITIONS

Client Help Desk

603-889-2210

New Client Inquiries
   603-889-0800

© 2024 All Rights Reserved. copy_right_image

Protected by Copyscape Plagiarism Checker – Do not copy content from this site.