Why does your small business need an Acceptable Use Policy (AUP) ?
We are only as good as the training and awareness we have received, right? I suspect this can be applied to all aspects of life and activity but none more so to IT and Security.
Technology is an essential part of society, and it is now embedded within everything we do. This reliance is only going to increase, and with that comes some issues, namely security.
Whilst the digital revolution has been great for innovation and advancement is has brought about many issues and risks when it comes to security. Data is the asset in this case, and where there is a value associated, you can rest assured someone will want to steal it for gain.
For businesses, this means that they need to instil Cybersecurity at its core. It is no longer for those weird-looking ponytail people locked away in those offices! Those days have gone! Cybersecurity is now about knowing and creating awareness within a business and identifying and reporting threats.
Having a risk management culture means that business leaders need to ensure the right policies and processes to protect the company and its employees. This article talks about a fundamental policy that is often missed within companies that can significantly increase the business’s cyber threat.
What Is an Acceptable Use Policy?
An Acceptable Use Policy contains a set of rules that define and enforce what an employee can do on their devices. It is created to protect the company’s assets and is put in place to reduce the risk of security issues both internally and externally.
The policy must be read and agreed to by the employee as it has serious repercussions if they are not followed. The policy will be apparent in the rules and demonstrate the logic and rationale behind the controls.
Key focus points for an AUP are
> Protect the company and its Users from harm
> Protect the business from litigation
> Protect the company’s reputation
> Promote agility and productivity
What does an Acceptable Use Policy Contain?
An AUP should contain the following 6 things to ensure it protects the business
Scope: Ensure that the policy clearly defines the scope and what is included as well as what is not included
Responsibilities: Ensure that the user can understand what they need to do to ensure they are safe and protected
Acceptable Uses: This is where you highlight what is permissible and what is deemed acceptable.
Restricted or banned uses: This is where you highlight what is not allowed and why. Things such as browsing for porn, downloading illegal movies, etc are all placed here.
Privacy standards: This is where you articulate the privacy of data and the standard the business adheres to and what the employee must do.
Sanctions: This is where you highlight what would happen in the event of the AUP not being followed and clearly state the process of what would happen.
We hope this blog has made you aware of the importance of an AUP and why it’s needed.
If you like the sound of the ‘hands-off’ experience and having your IT and Cybersecurity taken care of by highly trained professionals, we would love to hear from you. Call our friendly team of experts on 0345 314 2001 for a relaxed chat about how we can make all this happen for you. Our team is ready and waiting to help in any way they can.
You can also find us at www.teckgenius.co.uk, where you’ll discover our full range of services that help you leverage the power of technology whilst enjoying the cost-savings that it brings. Alternatively, please contact us here