What Should Be Included in an Acceptable Use Policy?

Every business should have an acceptable use policy so that employees know what the permitted uses of company computers and networks are. Without a clear policy, they don’t know what’s allowed or not. The results can include overuse of resources, bad security practices, and friction between managers and employees. Everyone should understand where the boundaries are.

General restrictions

Certain activities should always be prohibited. They include:

  • Illegal activities, including fraud, threats, and harassment.

  • Spamming by email or any other channel.

  • Making unauthorized representations on behalf of the employer.

  • Circumventing device and network security.

  • Introducing malicious software, such as spyware, worms, and ransomware.

  • Disclosing confidential information, except as permitted in one’s job.

  • Revealing account passwords to anyone else.

  • Actions prohibited by company policies.

Software policies

A company should carefully consider whether and to what extent employees will be allowed to install software. Giving them blanket permission to install software on their assigned machines opens up security risks. A common approach is to allow only authorized IT people to install software on employees’ machines.

BYOD and telecommuting policies

The policy should specify whether employees may use their own devices on the company network. This includes telecommuting as well as smartphones and tablets.

If employees can use personal mobile devices on the network, the AUP needs to specify what security measures are required. This may include installing company-mandated software to separate business and personal use. The policy needs to make it clear that any monitoring applies only to the business side of employee-owned devices and personal use is private.

If the policy allows telecommuting, it should require the use of a VPN and protection of the account associated with it.

Social media and time sinks

The company’s policy on using social media, watching videos, and other potentially time-wasting activities will depend on the business culture and the network’s ability to absorb the bandwidth. Some companies need to be very strict, prohibiting nearly all non-business use. Others will trust their employees not to abuse their privileges.

A policy shouldn’t be so strict that it interferes with necessary work activities. A blanket prohibition on watching video could interfere with work-related education and research. A strict policy should allow usage for purposes that are part of doing one’s job. A few companies have such stringent security requirements that they have to prohibit all nonessential activity; they’re a special case which is beyond the scope of this article.

At the other end, there should always be rules to limit clearly excessive usage. Even a lenient policy should state that social media use is acceptable only if it doesn’t interfere with the employee’s work duties, isn’t detrimental to the employer, and doesn’t involve unauthorized claims to speak for the employer. The company’s policies on trademarks, harassment, discrimination, and so on should be incorporated by reference.

Enforcement

The policy needs to explain how it will be enforced. There are several points it needs to cover.

  • If user activity is monitored, even just occasionally, the AUP needs to say so. If some areas, such as the content of email, are protected from monitoring, it should say that also. Making this point clear protects the employer from ill will and possibly from legal action.

  • The consequences should be made clear with a phrase such as “up to and including termination.”

  • The policy should explain the procedures in case of a suspected violation. The employee should have an opportunity to answer charges of misuse.

The SANS Institute has published an acceptable use policy template, which businesses may freely adapt for their own use. Each business has to consider its own needs and make whatever changes are necessary to fit them.

Please contact us if you need more information or help.

10 Computers72x72 highlight310 50 Computers72x7250 100 Computers72x72100 Computers72x72

Frequently Asked Questions

Here are some common questions that we hear from companies your size.

White Mountain IT

Related Posts

Smishing: A Variety of Phishing Attacks Utilizing SMS

The Dangers of SMS Phishing, or ?Smishing? Ultimately, any plot carried out by a scammer that is trying to either pose as someone else or urge the user to do something particularly dangerous could be considered a phishing attack. This kind of definition goes beyond simple email scams, where you get a message in your inbox urging you to click on links or download infected attachments. There are ot...

Here are the Basics of the 3-2-1 Backup Rule

The 3-2-1 rule is a pretty standard reference for data backup and disaster recovery, but what does this rule actually entail? Today, we want to explain perhaps the most important concept to prolonging the life of your business, even in the face of difficult and trying circumstances. Explaining the 3-2-1 Rule In essence, the 3-2-1 rule references your backups, which are pivotal in your business...

How to Prepare Your Business for Any Form of Disaster

Assessing Your Data Backup Needs To kickstart your disaster recovery strategy, it is crucial to assess your data backup needs. This involves identifying the types of data you possess, their importance to your operations, and the frequency at which they change. Conducting a thorough data audit will enable you to prioritize your backup efforts and allocate resources effectively. Implementing a Rob...

Browser Hijacking Attacks are a Serious Threat

Understanding Browser Hijacking Attacks Browser hijacking attacks involve the stealthy installation of malicious software onto a user's web browser. This malware can range from adware and spyware to more sophisticated forms like ransomware and keyloggers. The primary goal of these attacks is to gain unauthorized access to sensitive information or disrupt the user's browsing experience. Common Te...

Sound Familiar?

Here are some of the most common complaints we hear from businesses that aren’t satisfied with their IT vendor and want to switch to White Mountain.

There is a Better Way!

Give White Mountain IT a Call Today

BOOK A CALL

Nationwide Remote IT Services,

Without a Long Term Contract.

We provide services and support to businesses throughout the US. If we do not have an on-site resource in your area, we can manage a local vendor to provide on-site assistance if and when needed.

All our Managed Services are carried out by our dedicated team of full-time employees. These professionals have successfully cleared multiple security and background checks, ensuring the highest level of service and reliability for your business. 

Need an Onsite Visit?

We've Got You Covered!

Manchester N.H. Office:

121 Riverfront Drive
Manchester NH 03102

Nashua N.H. Office:

33 Main Street
Suite 302
Nashua NH 03064

Client Help Desk        603-889-2210

New Client Inquiries   603-889-0800

OPEN POSITIONS

Client Help Desk

603-889-2210

New Client Inquiries
   603-889-0800

© 2024 All Rights Reserved. copy_right_image

Protected by Copyscape Plagiarism Checker – Do not copy content from this site.