What Should Be Included in an Acceptable Use Policy?

Every business should have an acceptable use policy so that employees know what the permitted uses of company computers and networks are. Without a clear policy, they don't know what's allowed or not. The results can include overuse of resources, bad security practices, and friction between managers and employees. Everyone should understand where the boundaries are.

General restrictions

Certain activities should always be prohibited. They include:

  • Illegal activities, including fraud, threats, and harassment.

  • Spamming by email or any other channel.

  • Making unauthorized representations on behalf of the employer.

  • Circumventing device and network security.

  • Introducing malicious software, such as spyware, worms, and ransomware.

  • Disclosing confidential information, except as permitted in one's job.

  • Revealing account passwords to anyone else.

  • Actions prohibited by company policies.

Software policies

A company should carefully consider whether and to what extent employees will be allowed to install software. Giving them blanket permission to install software on their assigned machines opens up security risks. A common approach is to allow only authorized IT people to install software on employees' machines.

BYOD and telecommuting policies

The policy should specify whether employees may use their own devices on the company network. This includes telecommuting as well as smartphones and tablets.

If employees can use personal mobile devices on the network, the AUP needs to specify what security measures are required. This may include installing company-mandated software to separate business and personal use. The policy needs to make it clear that any monitoring applies only to the business side of employee-owned devices and personal use is private.

If the policy allows telecommuting, it should require the use of a VPN and protection of the account associated with it.

Social media and time sinks

The company's policy on using social media, watching videos, and other potentially time-wasting activities will depend on the business culture and the network's ability to absorb the bandwidth. Some companies need to be very strict, prohibiting nearly all non-business use. Others will trust their employees not to abuse their privileges.

A policy shouldn't be so strict that it interferes with necessary work activities. A blanket prohibition on watching video could interfere with work-related education and research. A strict policy should allow usage for purposes that are part of doing one's job. A few companies have such stringent security requirements that they have to prohibit all nonessential activity; they're a special case which is beyond the scope of this article.

At the other end, there should always be rules to limit clearly excessive usage. Even a lenient policy should state that social media use is acceptable only if it doesn't interfere with the employee's work duties, isn't detrimental to the employer, and doesn't involve unauthorized claims to speak for the employer. The company's policies on trademarks, harassment, discrimination, and so on should be incorporated by reference.


The policy needs to explain how it will be enforced. There are several points it needs to cover.

  • If user activity is monitored, even just occasionally, the AUP needs to say so. If some areas, such as the content of email, are protected from monitoring, it should say that also. Making this point clear protects the employer from ill will and possibly from legal action.

  • The consequences should be made clear with a phrase such as "up to and including termination."

  • The policy should explain the procedures in case of a suspected violation. The employee should have an opportunity to answer charges of misuse.

The SANS Institute has published an acceptable use policy template, which businesses may freely adapt for their own use. Each business has to consider its own needs and make whatever changes are necessary to fit them.

Please contact us if you need more information or help.



Continue reading

What Is Involved With A Lock-down Procedure?

When there is a change in IT Support staff that has access to your IT management systems and passwords it is important to quickly revoke access, change passwords review your security systems.

 We suggest having a lock-down procedure in place to guide you through the process and ensure that nothing is missed.

In addition to the obvious things like keys to building and passwords, here are a few other items to be sure you consider;

        • Firewall administrator access
        • Domain name registration accounts
        • Email and web hosting accounts
        • All remote access and VPN software
        • Change the Point of Contact records for all vendors like the phone company, internet provider, etc.
        • All online, cloud, or hosted services
        • Let all employees know about the change, even the branch offices!
        • Encryption keys and passwords for backups
        • Remove them from all internal email distribution lists
        • Access control and security systems

Of course, this is all much easier if you have professional IT management systems in place so that everything is fully documented before you need to change it.

When the only person who knows what to change, and how to change it is the one who just left, it can be a daunting task.

If you want help getting in front of this, before it becomes an emergency, or if you are currently in need of an emergency lock-down, give us a call.

At White Mountain, we make changing IT Service vendors EASY!

Thanks for visiting, we look forward to hearing from you.whitemtn contactus sm

LB signature
Continue reading

What Types Of Things Should Be Documented?

One of the keys to being able to efficiently manage, support and use your IT systems is standardized documentation.

At White Mountain, we utilize a secure, state of the art database for documentation and client SOP's (Standard Operating Procedures).  As we implement, manage and support your systems we are continuously referencing and updating the documentation that outlines what we did and how we did it.

The goal is to empower the support team to be as efficient as possible and to avoid depending on a single individual for critical information or knowledge.  Ensuring a high level of efficiency and responsiveness on our end, allows us to keep your costs down, and productivity up.  Having a professional Managed Service Provider supporting your business provides exponentially more value than a single employee or very small IT provider.

Here are a few of the things that should be included in your IT documentation:

        • Network diagram and floor-plan
        • ISP and circuit info
        • Inventory of all software and hardware
        • Complete documentation of servers
        • Security profile of data, share and user group access
        • Data backup requirements and system configuration
        • User census and profile
        • Firewall configuration and security profile
        • Remote access configuration
        • Third-party vendor information
        • and much, much more!

At White Mountain, we make changing IT vendors EASY!

Thanks for visiting, we look forward to hearing from you.whitemtn contactus sm

CO signature
Continue reading

What Is A Comprehensive Data Backup System?

We believe that there should be multiple levels of backup for all company data. When using modern backup, synchronization and virtualization tools, there is really no excuse for data loss, even small businesses can afford to have a robust backup platform. Having said that, we understand that every situation is different and all budgets are certainly not equal, but here are a few guidelines that we like to consider.

All servers should be backed up at a minimum of once per day with a copy of everything streaming to a secure off-site location.  Servers should be completely imaged, or better yet virtualized, to allow for easy restores or live fail-over to different hardware or even to a different location.

Desktop computers and laptops should also be imaged to minimize downtime when a hard drive fails, this way all updates, installed software, and drivers are preserved and ready to go with a simple restore.  There is no reason to have to rebuild a computer and reload everything from scratch just because a hard drive failed.

Laptops should also have a live file-backup running that will allow changed files to stream to the cloud while you are on the road, or out of the office.

At White Mountain, we make changing IT vendors EASY!

Thanks for visiting, we look forward to hearing from you.whitemtn contactus sm

CO signature
Continue reading

What Are Employee On-boarding And Separation Procedures?

When we bring on a new client, we create a document that outlines all of the steps and tasks required to get a new employee set up in their organization.  Creating a step by step procedure and checklist helps ensure that the process is handled the same way every time and that nothing is missed.  Sometimes we end up with a base procedure, that we will apply to all employees, as well as a departmental procedure, that will be applied only to staff working in that department. 

We work closely with your management team to ensure that new employees have a smooth first day, as well as to protect the business when there is an unexpected employee separation. 

 In Addition to a detailed on-boarding procedure, here are a few of the IT related things that should be documented for all employees:

        • General description of workflow, function, and role
        • List of devices used and software used
        • List of hosted systems that each user has access to
        • Description of server, and data access requirements (folders, files & shares)
        • Company-owned devices that each employee has possession of (laptop, tablet, smartphone)
        • Any remote access accounts, VPN accounts, or other forms of remote access to company data
        • Physical access controls like key fobs or mechanical keys

At White Mountain, we make changing IT vendors EASY!

Thanks for visiting, we look forward to hearing from you.whitemtn contactus sm

LB signature
Continue reading

Ok, I Want To Know More, What's The Next Step?

Simply fill out the form on our "Contact" page, or give us a call to set up a private consult.

We will provide more detailed information about our company and services, and we will discuss your current situation, as well as your short and long term goals.  If it looks like we may be a good fit for each other, we will provide a ballpark estimate to give you an idea of what our services may cost.

If that all sounds good, we move forward with a basic audit of your environment and gather more detail about your priorities and needs.  We will follow up with a custom proposal, as well as a few client references for your review.  There is no cost or obligation involved, and the process can take as little as a few days.

If you decide that we are not a fit, or if the timing is just not right, we promise not to bug you with endless sales calls.  We will respect your time and privacy, and will be there when you are ready!

And remember, we make changing IT vendors EASY!whitemtn contactus sm

Thanks for visiting, we look forward to hearing from you.

Steve signature
Continue reading

I Have A Dispute With My Current IT Provider, how can I keep them out of my network?

It is very rare that an outside vendor or employee would ever intentionally cause your business harm or disruption, but we understand that it is your job to protect the businesses and minimize risk.  As the adage goes, "It's better to be safe than sorry."

If you feel that things don't seem right, we can help in several ways.

The first step is to have a private & confidential conversation to discuss the situation and assess the risks to the business.  The risk assessment will prepare the foundation for an action plan outlining the steps required for a rapid lock-down.

As you can imagine, having been in business for over thirty years, we have helped with similar situations before.  Often we have responded with an overnight data backup, lock-down, and extraction; and sometimes, we have even helped clear up a misunderstanding which resulted in getting a relationship with an existing vendor back on track. 

Either way, we are happy to help.

And remember, we make changing IT vendors EASY!whitemtn contactus sm

Thanks for visiting, we look forward to hearing from you.

Steve signature
Continue reading

My IT Person Is The Only One That Knows My Systems, Won't It Be Painful To Switch?

It is not as difficult as it might seem.  If your systems are currently working, we can easily back them up, lock down the network, and then document everything about your infrastructure.  If your systems are not currently functioning properly then it is already painful and your business is at risk, the sooner you make the change, the better.   If you are currently having a conflict with your IT vendor, or are not sure that they will be cooperative with the transition, we will work with you to build a plan to minimize the possibility of downtime and interruptions, even without their help.

We often find that even when a new client has told us that things were "ok" with the previous vendor, when they see how much of a difference having professional IT management can make, they are relieved and excited about the change.  I can't tell you how often a new client tells me that they wished they had made the change years ago!

Our systems and process are very transparent, as a client, you have access to our systems, records and all of the documentation about your network.  With White Mountain, you are as involved as you want to be and will never feel that you are being left in the dark.  Don't settle for a vendor who uses knowledge as job security. Let us help you get the situation resolved.

At White Mountain, we make changing IT vendors EASY!

Thanks for visiting, we look forward to hearing from you.whitemtn contactus sm

CO signature


Continue reading

Featured Services

Onsite Service Coverage Area

Although we provide remote services and support to businesses in over 20 states, onsite services are limited to within reasonable driving distance from our offices in NH.  We will manage a local vendor for locations outside of our service area to provide onsite assistance when needed.


Onsite Computer Support Services are available to businesses within 60 miles of Nashua New Hampshire. We have excellent onsite coverage from Concord NH, south through Manchester NH, and then down into Boston. From Northern and Central Mass, we cover from Worcester, east to the North Shore, including the Salem and Portsmouth NH area.


White Mountain IT Services

33 Main Street, Suite 302
Nashua, NH 03064


121 Riverfront Drive
Manchester, NH 03102


Open Positions