How Important is an Acceptable Use Policy (AUP)?

That depends on how much you value your time, data and money.

You must realize that if someone in your company is using your company’s assets for personal use, or, if they are doing things that can cause your network to be compromised (things you would not approve of), you will find that a lot of time will be needed to resolve whatever issues arise, most likely resulting in significant downtime. Also, in most cases data is in jeopardy. Last, you will spend a lot of money resolving all of this.

Now, would you like to know more about an AUP?

You have built a company, or you oversee running a company, and realize how important IT is to it. You are very busy trying to maximize each minute of the day and you keep track of every dollar. Now you need to educate your users as to what they can do with your assets to reduce problems. An AUP tells users what they can do, what they can’t do and if they do what is prohibited, then what the repercussions will be. You want users to understand how important it is to be careful how they use the web, email and introducing media containing files to the environment. It is not easy because people tend to forget, get to busy to remember or assume a questionable email is safe. In fact, you need to constantly remind them, make sure they understand and be vigilant keeping your company’s security features up to date.

Users will say they want to take a few minutes on break to get some personal things done using the internet, like getting someone a present or finalizing vacation, or, just looking at some pictures taken at the reunion over the weekend, or, just trying to catch up on some unread emails that have piled up in the In Box. You might ask them to keep the pictures on their phones, surf the web on their own device using the company’s Guest WiFi only.

The AUP is not just to educate, or as some have said, warn your users. It is to help you protect your data, your time and your money. It explains that the systems they use are owned by the company, make it possible for them to work there and help the company be successful. Therefore, they need to apply caution and common sense. If there is a question, ask it before not after. You are trying to tell them that you need their help and that you are asking them to be responsible with the systems you provide them. The flip side of that is if there is a disregard for the company, and it is shown that they blatantly, carelessly caused a problem, then the company has the right to hold the user responsible in some way. They need to share some responsibility to work there. They are part of a team.

You are not trying to scare them with the idea that any problem is their fault. For example, one of our clients finds pictures to celebrate whatever there is a national day of. In this instance, it was national cupcake day. A user was to scan the web and find a good picture of cupcakes to add to their website. They were attacked with ransomware. It wasn’t that user’s fault as it was an innocent accident. The big positive side of this was that their backups proved to be the savior. It was a fast and up to date restore.

If you need some help creating an AUP, or, if you need an experienced partner to create one, please call ASE. Lawyers can word things in such as way that it may be difficult to understand. We can help you use language that is easy to read. Again, you don’t want to scare the user, you want them to understand that they are part of a team and if the company is successful then they will be.

Robert Lane
President/Owner
ASE, Inc.
Getting you ready for tomorrow today
(703) 273-8388 ext 111

ASE, Inc. is an IT technical support services and consulting firm in the Washington DC Metro area.  Since 2000 ASE has focused on providing full outsourced IT department services to small and medium businesses as well as providing senior level expertise designing, installing and managing complex networks as well as security consulting to very large entities in both commercial and federal markets.  Call ASE today – 703-273-8388.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.