Create an Acceptable Use Policy and Enforce It!

One of the biggest threats to your network is your employees! Although that sounds harsh, it is true. Anyone can accidentally introduce viruses and spyware through innocent online activities such as checking personal accounts, downloading photos, or visiting phishing websites set up to scam you. These cybercriminals are EXTREMELY clever and can dupe even sophisticated computer users. All it takes is one slipup, so constantly reminding and educating your employees is critical.

An Acceptable Use Policy (AUP) outlines how employees are permitted to use company-owned PCs, devices, software, Internet access and e-mail. An AUP should also define whether and how personal devices can be used to access your business apps and accounts. We strongly recommend putting a policy in place that limits the websites employees can access with work devices and Internet connectivity. Further, you have to enforce your policy with content-filtering software and firewalls. We can easily set up permissions and rules that will regulate what websites your employees access and what they do online during company hours and with company-owned devices, giving certain users more “freedom” than others.

Having this type of policy is particularly important if your employees are using their own personal devices and home computers to access company e-mail and data. With so many applications in the cloud, an employee can access a critical app from any device with a browser, which exposes you considerably.

If an employee is logging in to critical company cloud apps through an infected or unprotected, unmonitored device, it can be a gateway for a hacker to enter YOUR network – which is why we don’t recommend you allow employees to work remotely or from home via their own personal devices.

Second, if that employee leaves, are you allowed to erase company data from their phone or personal laptop? If their phone is lost or stolen, are you permitted to remotely wipe the device – which would delete all of that employee’s photos, videos, texts, etc. – to ensure YOUR clients’ information isn’t compromised?

Further, if the data in your organization is highly sensitive, such as patient records, credit card information, financial information and the like, you may not be legally permitted to allow employees to access it on devices that are not secured, but that doesn’t mean an employee might not innocently “take work home.” If it’s a company-owned device, you need to detail what an employee can or cannot do with that device, including “rooting” or “jailbreaking” the device to circumvent security mechanisms you put in place.

Submit the form below for instant access to our free AUP policy template. Use this template as a guide to creating or enhancing an Acceptable Use Policy for your organization. This is a great step towards creating a more secure and productive workplace.