An acceptable use policy is a document that states the practices and limits a user must agree to for access to a company network, the internet, or other resources. This policy details what a user can and cannot do when using personal or company-issued computers and computing resources. The document also describes penalties for noncompliance.
Having your employees sign an acceptable use policy should be part of your company’s cybersecurity plan. Educating employees on the proper use of computers and internet activity helps protect against cyberattacks.
Learn why your company should have an acceptable use policy for its employees and the information to include.
Why Is an Acceptable Use Policy Important?
A company representative likely signed an acceptable use policy from the internet service provider before the service was installed. This policy probably included the following stipulations:
- Use of the internet service may not violate any laws.
- The information security of any computer network may not be disrupted.
- Commercial messages may not be posted to Usenet groups without prior permission.
- Junk email and spam may not be sent to users who do not want to receive them.
- Users may not attempt to mail bomb a site to flood the server.
- Users may not attempt to steal intellectual property from the vendor.
- Users must report any attempts to break into their accounts.
- Disciplinary action may be taken if the acceptable use policy is violated.
- The acceptable use policy complies with applicable laws and related issues.
- The acceptable use policy may be subject to periodic audits.
Which Issues Might an Acceptable Use Policy Cover?
You should consider creating an acceptable use policy to cover the following issues:
- How employees should use social media, including what should not be discussed about the company.
- Whether the internet and other system use should be for business purposes only.
- Cybersecurity rules about using public Wi-Fi, using company-approved authentication procedures, changing passwords and other access data, opening questionable email attachments, and accessing restricted information.
- Restrictions on how non-employees may use company information systems and network resources.
- Prevention of unauthorized access to confidential information and use of the information.
- Proper use of personal devices for business purposes to prevent security issues.
Which Best Practices Encourage Employees to Follow an Acceptable Use Policy?
You should have new hires sign an acceptable use policy during the onboarding process as part of an employment contract. You also can have existing employees sign the policy if it is now being implemented.
Periodically remind employees of their responsibility to understand and comply with the information in the acceptable use policy. These best practices can help:
- Have clearly written policies that are easy for employees to understand.
- Provide training classes that detail the rules included in the acceptable use policy.
- Periodically send out questionnaires to test employee knowledge, awareness, and understanding of the acceptable use policy.
- Periodically review and update the information, especially when there is a significant change in business operations, such as the introduction of a new product or service, a merger, or an audit.
Do You Need Help with Creating an Acceptable Use Policy?
Reach out to High Profile if you need an HR professional to help you create an acceptable use policy. Find out more today.