Not Having Acceptable Use Policies is not Acceptable

Blog / Not Having Acceptable Use Policies is not Acceptable

Of all the different IT policies your organization may have (password, remote work, privacy, BYOD, social media, etc.), one that often gets overlooked is the acceptable use policy. The reasons are many and mostly understandable. After all, employees already know they shouldn’t be visiting risque or other potentially dangerous websites on the company time, right? Everyone understands work time is for working and not shopping online. What’s the point in codifying what everyone already knows in acceptable use policies? It seems like a waste of time.

For one, acceptable use policies are almost always a requirement for a variety of business insurances, particularly cyber insurance. Secondly, depending on your organization type, they may even be a legal requirement.

But let’s not worry about dotting the i’s and crossing the t’s. At their core, acceptable use policies clearly define what company machines can and cannot be used for. They cover things like company phone usage, online activities, email use, and plenty more. But how do they materially help your organization beyond just ticking requirements off a checklist in order to do business? Acceptable use policies offer three main benefits.

  • Reducing negligent behaviour
  • Reducing liabilities
  • Improving productivity
Reducing negligent behaviour

Let’s be clear; 99% of the time, your employees aren’t trying to cause trouble. Very few people willingly engage is risky online behaviour, especially at work. Unfortunately, the fact of the matter is that you don’t have to go looking for problems in order for them to show up; there is always a chance employees’ online presence can give an astute, surreptitious hacker a way into your network. By establishing clear standards for machine use, either in office or while working remotely, you reduce the chances of an unintentional breach. This is particularly true for email, where malware attacks are up 600% from 2019.

Reducing liabilities

Risky online behaviour isn’t limited to just obvious examples that spring readily to mind like visiting unsafe sites or opening email from sketchy sources. Your business may be liable for misuse if employees violate industry standards (such as HIPAA or PIPEDA compliance), download illegal files, commit cyberbullying, or indulge in other illegal activities while using a company machine. Having an acceptable use policy won’t eliminate your business’s liability in the event of a breach, but being able to demonstrate an employee violated an agreement is much more helpful to proving you took the appropriate steps control risk than pleading to the courts that you just expected employees would know better.

Improving productivity

So far we’ve talking about how acceptable use policies are great for reducing risk exposure for your business, but they have material benefits on productivity as well. No one wants to be Big Brother, constantly looking over everyone’s shoulders while they’re at work. That’s a great way to annoy employees and start an exodus. Nevertheless, occasionally gently reminding employees that their activities on company devices might be monitored can go a long way to keeping them focused instead of watching cat videos on YouTube. The key is to make sure that machine and screen monitoring is explicitly included in a signed acceptable use policy. As of 2018, almost 80% of businesses monitored employees’ internet use. They saw both improvements in overall productivity and a reduction in their risk of cyberattacks.

Once an acceptable use policy is in place, there are several technology tools that can be installed on your network that will help promote and enforce your policy: network monitoring, file access and permissions auditing, and firewall rules and port blocking are just a few examples.

We recently attended a demonstration of a new “zero trust” tool that once installed on a computer, laptop, or tablet, prevents ALL unauthorized access and modifications to installed programs and data unless expressly approved by the network administrator. It promises to be the key tool in guarding against a cyber attack. Look for more information soon.

The key takeaway from all this is that acceptable use policies are about more than just improving your cyber security profile (although they clearly help with that too). They can also improve employee productivity and significantly reduce your business’s liability in multiple areas. On the other hand, it can be difficult to cover every aspect of computer and network use without in-depth knowledge of the ins and outs of IT and the cyber world in general. If you don’t have an acceptable use policy or would like to update your current one, contact your TRINUS account manager and we’ll be happy to help out. Otherwise, we’ll be back in two weeks to help sort out how best to go about enforcing your policies without crossing privacy lines and putting off employees.



/Partners /Systems /Certifications

TRINUS is proud to partner with industry leaders for both hardware and software who reflect our values of reliability, professionalism and client-focused service.