How Important is an Acceptable Use Policy (AUP)?

That depends on how much you value your time, data and money.

You must realize that if someone in your company is using your company’s assets for personal use, or, if they are doing things that can cause your network to be compromised (things you would not approve of), you will find that a lot of time will be needed to resolve whatever issues arise, most likely resulting in significant downtime. Also, in most cases data is in jeopardy. Last, you will spend a lot of money resolving all of this.

Now, would you like to know more about an AUP?

You have built a company, or you oversee running a company, and realize how important IT is to it. You are very busy trying to maximize each minute of the day and you keep track of every dollar. Now you need to educate your users as to what they can do with your assets to reduce problems. An AUP tells users what they can do, what they can’t do and if they do what is prohibited, then what the repercussions will be. You want users to understand how important it is to be careful how they use the web, email and introducing media containing files to the environment. It is not easy because people tend to forget, get to busy to remember or assume a questionable email is safe. In fact, you need to constantly remind them, make sure they understand and be vigilant keeping your company’s security features up to date.

Users will say they want to take a few minutes on break to get some personal things done using the internet, like getting someone a present or finalizing vacation, or, just looking at some pictures taken at the reunion over the weekend, or, just trying to catch up on some unread emails that have piled up in the In Box. You might ask them to keep the pictures on their phones, surf the web on their own device using the company’s Guest WiFi only.

The AUP is not just to educate, or as some have said, warn your users. It is to help you protect your data, your time and your money. It explains that the systems they use are owned by the company, make it possible for them to work there and help the company be successful. Therefore, they need to apply caution and common sense. If there is a question, ask it before not after. You are trying to tell them that you need their help and that you are asking them to be responsible with the systems you provide them. The flip side of that is if there is a disregard for the company, and it is shown that they blatantly, carelessly caused a problem, then the company has the right to hold the user responsible in some way. They need to share some responsibility to work there. They are part of a team.

You are not trying to scare them with the idea that any problem is their fault. For example, one of our clients finds pictures to celebrate whatever there is a national day of. In this instance, it was national cupcake day. A user was to scan the web and find a good picture of cupcakes to add to their website. They were attacked with ransomware. It wasn’t that user’s fault as it was an innocent accident. The big positive side of this was that their backups proved to be the savior. It was a fast and up to date restore.

If you need some help creating an AUP, or, if you need an experienced partner to create one, please call ASE. Lawyers can word things in such as way that it may be difficult to understand. We can help you use language that is easy to read. Again, you don’t want to scare the user, you want them to understand that they are part of a team and if the company is successful then they will be.

Robert Lane
President/Owner
ASE, Inc.
Getting you ready for tomorrow today
(703) 273-8388 ext 111

ASE, Inc. is an IT technical support services and consulting firm in the Washington DC Metro area.  Since 2000 ASE has focused on providing full outsourced IT department services to small and medium businesses as well as providing senior level expertise designing, installing and managing complex networks as well as security consulting to very large entities in both commercial and federal markets.  Call ASE today – 703-273-8388.

Emails That Hurt

Network security is a difficult subject to manage because it covers so many aspects of the network that a company runs on. Users need to understand that they play a very important role. Your emails are a big focus of the bad guys out there. Today, emails come from so many different sources, many of which are just being sent to cause problems for you and your network. Here is a simple step that can really help your company. Remember, if you initiate a problem you as well as your network might be down slowing, even stopping, your productivity for a period of time forcing you to miss deadlines and in most cases costing the company a lot of money.

I see emails that say, “IT Support Request” or “Need IT Support” from senders I don’t recognize. I really want to open them but because of what I see in the field I know that I need to investigate it a bit more. Without opening it, right click on the email and choose “Message Options”. In the bottom part of the window that opens you will see “Internet Headers”. To the right you can scroll down until you see the “From” line, in other words, who sent it. Notice the email address. If you don’t like it, delete the email. You can open your browser and type in the domain name to see if it is a legitimate company. (example: From: Robert@abc123.com. Type in www.abc123.com) You can call them to see if that person exists. You can even ask for that person. If you are in any way unsure who this is or why they sent it then don’t open the email, delete it and then go to the Deleted Files folder and delete it permanently.

IT support professional in many cases can determine which user initiated a network problem and how. It is not uncommon for companies to fire the user because that person broke an Acceptable Use Policy (AUP). Don’t be that person!

Trust me; this little step helps a lot.

Robert Lane
President/Owner
ASE, Inc.
Getting you ready for tomorrow today
703-273-8388 ext 111

 
ASE, Inc. is an IT technical support services and consulting firm in the Washington DC Metro area.  Since 2000 ASE has focused on providing full outsourced IT department services to small and medium businesses as well as providing senior level expertise designing, installing and managing complex networks as well as security consulting to very large entities in both commercial and federal markets.  Call ASE today – 703-273-8388.