October 13th, 2020 Read Time: 5 minutes
Justin Sheil is the Content Marketing Manager at Electric. He has 5+ years experience writing about a wide range of technology topics. As part of his role at Electric, he currently functions as the head of the company’s Research & Insights division.
Subscribe to our blog and stay up to date
As we continue to integrate newer technologies and more internet-connected devices into the workplace, potential security threats and data breaches have never been higher, which is why you want to promote a safe and responsible device policy amongst your employees. When implemented correctly, an Acceptable User Policy (AUP) is an effective strategy at minimizing the threat of cyber attacks. In this article, we discuss AUPs, the consequence of not having one in the workplace, and how to implement one.
AUPs can be a broad range of guidelines that illustrate the proper use of workplace devices, internet usage, web browsing, downloading, and much more. Almost every large business has its specific AUP outlined in its employee handbook. It is paramount to train employees on these policies and have them acknowledge that they understand everything they read with their signature. Employees must also be aware of the potential consequences they could face if they fail to adhere to the AUP.
Having AUPs in the workplace are essential because the internet is among the most misused tools by employees. In fact, up to 40% of all employee internet activity is for non-business related purposes. When employees are not focused on business-related matters, it hurts their productivity and your company's bottom line. That is why you want policies in place that keep your employees productive, all the while protecting your business from security threats.
Companies implement AUPs to safeguard their electronic communication, networks, and internet-connected devices during the workday. It also governs email and browsing use and ensures employees remain on track. Likewise, these policies protect companies from most liability lawsuits because it makes the employee responsible for their actions in the workplace, for they must acknowledge the AUP before officially beginning. Ultimately, AUPs serve as guidance for all employees, managers, and visitors to maintain proper behavior and utilize technology in a way that is acceptable by the organization.
Employees should know forthright the consequence of non-compliance with their company's AUP. Although the repercussions can vary from business to business, they should understand that repeated violations are not acceptable, nor will the company tolerate them. Non-compliance puts the safety of the business, its employees, and its clients in jeopardy.
In the event of an AUP violation, employees should know that they could be suspended or even terminated. Likewise, they could face serious liability lawsuits or even criminal charges in the case of a significant security breach due to their own negligence or intended wrongdoing. Overall, companies should avoid non-compliance at all costs, which is why there needs to substantial consequences in place to deter any activity that could be detrimental to the business as a whole.
AUPs should cover the acceptable and unacceptable email and internet conditions in the workplace. As with non-compliance consequences, AUPs can vary from business to business. The primary goal of an AUP is to eliminate employee expectations that they can use company devices at their own discretion and to ensure they keep their work remains completely confidential for security purposes. These policies should be non-discriminatory and uniformly enforced amongst everybody. In most instance, AUPs include the following:
It is important to note that this is by no means an exhaustive list, and some AUPs can be quite extensive, and the rules can vary greatly. Likewise, even if your AUP is slightly different from other organizations, it is ultimately up to you to decide how much freedom you want to give your employees with the internet and which websites are allowed and which ones are not. Once you draft your AUP, it should become a core part of your business that everybody must follow. Proper training and enforcement of the guidelines outlined is vital to ensuring the safety of your business.
The misuse of the internet and internet-connected devices in the workplace is a growing cause of concern for many companies. Likewise, there are growing security challenges these companies must address to ensure they protect their business, their employees, and their customers. An organization's first step at combating these security challenges is implementing an acceptable use policy that clearly defines which internet activities are acceptable and unacceptable in the workplace, the safety measures in place to minimize the threat of a cyber-attack or data breach, and establishes employee expectations on how to act while connected to a company device. If you take the time to implement a robust AUP, you protect your company against most liability charges and ensure a safe working environment.
Figuring out all your bases to cover pertaining to your organization’s IT strategy is not an easy process to navigate, especially in times like these— and that’s why Electric is here to support your organization.