Does your business have an acceptable use policy (AUP) regarding the use of your organization’s network, devices, and the Internet? Is the policy actively enforced, or is it a document that’s only seen at the point of hire? There are many reasons why your company needs an AUP, and why the document needs to play a bigger role in corporate governance.
Why have an Acceptable Use Policy?
Having a cybersecurity plan is more critical than ever. With the number and intensity of cyber attacks increasing, it is paramount that all companies — regardless of size — understand current cyber threats and what to do to prevent and combat them.
A crucial component of this cybersecurity plan is an acceptable use policy. The acceptable use policy serves many key functions:
- It protects your business from any legal actions, while clearly communicating to employees your expectations regarding their behaviour
- It provides a roadmap for your users to understand their responsibilities as they relate to your protected infrastructure, access, and information
- It serves as a living document that helps with understanding the latest threats and what to do to prevent them from impacting your organization
- It’s the best first step to keeping your company and customer information safe
- It may limit or even safe harbour your liability around illegal file sharing, by discouraging, training against and monitoring for the practice
The key to successful AUP adoption
It is far better to lay out acceptable usage and get employees on board early than to have to spend cycles correcting behaviour and problems if something goes wrong. In a worst-case scenario, a staff member could introduce ransomware into the corporate environment simply by visiting a site that would have been blacklisted if you had an AUP in place, or by sharing passwords in a public space. To be successful, your policies should be:
- Executed thoroughly and reviewed regularly. Security should never be a set-it-and-forget-it exercise
- Readily available to your employees
- Written in simple, everyday language; scrap the legalese
- Clear and concise; leave no room for interpretation
- Easily linked to documents if isolated into separate policy statements, standards, and processes
- A corporate KPI; scoring the entire organization for compliance
What should your AUP include? Read our Threat Insight for more information and ways to level up your AUP now.