Nearly all organizations now rely upon information technology to do business. Most office-based employees have access to a computer and many have a laptop or PC that is dedicated to their business use but also for their own personal use. Both email and the Internet provide employees with essential tools that enable them to do their jobs. However, technology is also open to abuse.
For many years employers have issued guidelines to their staff relating to the acceptable use of telephones at work. Most companies usually adopt a pragmatic approach and permit reasonable personal use of their telephones, excluding, for example, lengthy or international calls. Others have been more draconian and issued a clear edict that no personal use is permitted whatsoever. With the increased importance and use of email and Web at the workplace, these guidelines are frequently extended to include all areas of information technology, eventually becoming what is commonly called an acceptable use policy (AUP).
AUPs have become far more important than simply ensuring a user isn’t spending their whole working day surfing the Web, exchanging jokes and pictures or chatting with their friends or family. The reliance upon IT and the nature of the data that passes through it is often fundamental to the successful and smooth running of a business or organization. Any compromise or failure of the system has the potential to be catastrophic and can result in anything ranging from the merely irritating or mildly embarrassing to criminal prosecution and a prison sentence for corporate officers.
An effective AUP, especially when used as the basis for an IT security training program for all members of staff, can help ensure productivity while increasing security. As such, a good AUP can be viewed by employers and employees as a positive (rather than restrictive) measure, by providing a guideline that enables the use of technology for everyone without the risks.
The content of an AUP will undoubtedly vary between organizations. Regardless of content, however, M86 Security contends that to be really successful an acceptable use policy must meet the following criteria.
IT security and data protection firm Sophos has published its latest 'Dirty Dozen' report of spam-relaying countries for the third quarter of 2012. ... More >>
Research shows lack of confidence in and widespread violations of corporate security and compliance policies. ... More >>
Tips to help ensure that your electronic document repository is 100 percent secure. ... More >>