According to the Symantec ISTR, 53% of data breach incidents were caused by employees in 2015. These incidents occurred as a result of accidentally making private information public, theft or loss of device with corporate information, and insider threat. Acceptable use policies help companies regulate behaviors and activities among their employees to protect a company’s network and data. Additionally, these policies protect your employees, partners and your company from illegal or damaging actions by individuals, either knowingly or unknowingly.
The following are some recommended inclusions for your Acceptable Use Policy:
Telecommunications Device Acceptable Use
Many companies are moving to a Bring Your Own Device (BYOD) policy, as it allows employees to choose what device they want to utilize. Smartphones and tablets are an integral part of the workforce and our daily routines. This part of your Acceptable Use Policy should address how such devices are to be utilized by employees. Be sure to include guidelines about personal phone calls during working hours and prohibited access of particular websites, video, and photographs.
Security and/or Proprietary Information
This section describes how confidential information should be handled across applications and devices. General best practices regarding passwords are typically included here. It’s also helpful to include information about what to do if the device is lost or stolen.
Risks and Liability
It’s important to state who is liable for all costs associated with repair and replacement of active devices. Additionally, you should include information about what exactly the employee is liable for regarding their devices. Best practices about file sharing, emailing sensitive information, password protecting devices, and what to do if something happens to the equipment or devices should also be included in this section.
It is important to have a signed copy of the Acceptable Use Policy on file with every employee in order to clearly define your expectations on how devices are to be used. More importantly, make sure your employees know why this is important. Adhering to the standards set forth in the Acceptable Use Policy is a proactive approach to preventing data breaches, malware attacks, and much more.
For help with drafting your Acceptable Use Policy, contact us today.