Acceptable Use Policy

When people think of network security, the first things that come to mind are hardware and software. What devices are people using? Are logins password protected? Is confidential data safe? Do we have a firewall in place? Are anti-virus systems installed? Now, while all of these are certainly important, one of the biggest network security risks are your employees and guests.

Acceptable Use Policy

An essential element for true network security is the creation of an Acceptable Use Policy. This policy document should be provided to all employees, and potentially any guests with network access, to identify exactly what is, or is not, allowed on your secure network. This might cover such areas as:

  • Are employees allowed to send and receive personal emails?
  • Within a business environment, are there any limits on what files can be sent or received? Either by type or content.
  • In today’s world of mobile devices, there may be similar limits on files that can be copied and removed from the business premises.
  • Are there any restrictions on websites that they can visit from their office computer? If not, there probably should be.
  • What about restrictions on music and videos?
  • What is the network access and authentication procedure?  Are there password parameters in place? Do passwords have to be changed regularly? Does your policy dictate that passwords must not be written down anywhere?
  • What is the retention policy on files and emails? Can staff simply delete items or do you automatically archive them?
  • Is there a defined “guest” network with suitable security restrictions in place?

It may be that you don’t have blanket bans on these items, but instead define acceptable behavior and excessive use parameters. However, if you don’t even think about it you’re leaving yourself open to serious security problems.