Customized Acceptable Use Policies

Developing a Best Practice Acceptable Use Policy

A well-crafted Acceptable Use Policy (AUP) is a basic and essential cybersecurity policy for network protection in a comprehensive network security plan. Your AUP sets the safety protocols employees and others must agree to follow in order to be granted access to your network. It is extremely important because human actions are by far the most significant source of network breaches. The Verizon 2022 Data Breach Investigations Report found that 82% of breaches between November 2020 and October 2021 involved a human element. More often than not, the causal actions are not malicious, though the potential for insider theft or sabotage must also be considered.

Essential Elements in an Acceptable Use Policy

What is acceptable and what is prohibited on your network and compute resources depends a great deal on your particular business needs, but some best practice prohibited uses apply to all industries.

  • It is a best practice to restrict the use of USB drives for all use cases, as they can be vectors for malware and tools for improper or malicious exfiltration of data. Data that needs to be accessed from devices not physically connected to your network should be stored in the cloud rather than transported between devices.
  • Limiting most or all personal browsing on your network is a wise safety measure. Exceptions can be made for personal business browsing, such as looking up contact information for schools, medical providers, utilities and other such basic information, which is generally safe. Personal use for social media, shopping, and entertainment should be strictly prohibited to reduce the risk of malware infection.
  • It is also a best practice to prohibit the downloading and/or installation of any software, whether for personal use or work-related purposes. When a new application is needed by an employee or department for a work process, a formal request should always be made first so changes can go through evaluation and the change management protocols.

Additionally, the AUP should clearly prohibit any illegal activities, spamming, port scanning except as a part of assigned duties, removal of company data for personal use, sharing of passwords and accounts, connections to the network from unauthorized devices, engaging in any form of harassment, and violations of copyrights or trademarks.

Industry- or Role-Specific Considerations for AUPs

You may have industry- or organization-specific factors to address in your AUP as well. You may need to add sections that apply to certain job titles or classes. While there are templates available in various places online, they may be out of date with best practices because the pace of change is so rapid. Carefully vet your sources if using fill-in-the-blank templates. We build customized Acceptable Use Policies based on your industry and organization, incorporating up-to-date best practices, for a flat rate of $150.00. For a limited time, when we conduct a cybersecurity posture assessment, we are offering one free customized security policy from a set of the most crucial cybersecurity policies, including AUPs. We encourage you to connect with us via our contact form above or give us a call to schedule a free consultation to discuss your AUP or other cybersecurity policies.

Connect:

Have questions? Let’s talk! Please tell us a little bit about your organization and any known cybersecurity issues so we can best pair you with one of our professional analysts. We’ll get back to you within 48 hours. We offer free 30-minute consultations, and we’re happy to answer questions and provide recommendations for next best steps for reaching your cybersecurity goals. You’re also welcome to call to schedule a consultation.