TITLE OF THE ISSUE: PRIVACY AND SECURITY

TITLE OF THE ARTICLE: THE IMPORTANCE OF AN ACCEPTABLE USE POLICY

SOURCE: https://www.itispivotal.com/post/the-importance-of-an-acceptable-use-policy

AUTHOR: BETH STEWART

SUMMARY: An Acceptable Use Policy is also one of the few documents that can physically show “due
diligence” with regards to the security of your network and the protection of sensitive information and
client data in the event of a breach or regulatory audit. Sometimes referred to as an Internet and E-mail
Policy or Acceptable IT Use policy. An AUP serves many of the same functions as the long winded Terms
of Service that you see when signing up for a new service. Despite the difference in terms, these policies
provide statements as to what behavior is acceptable from users that work in or are connected to a
network.

The findings of the recently released SANS Institute 2016 Threat Landscape Study and fourth
annual Checkpoint Security Report may help to provide some additional perspective on why an
Acceptable Use Policy is imperative for your organization. The study reveals a 400 percent increase in
the loss of business data records over the past 3 years. The most common entry point for threats into a
network? End user actions. The arguments between productivity, protection and privacy can make
mobile device security a difficult topic to address. Users are now more comfortable blurring the lines
between personal and work when it comes to personal mobile devices, not always thinking about the
implications. Most employees do not want to be the cause of a network breach or data loss, yet one in
five will do so either through malware or malicious WiFi¹. All it takes is one infection on one device to
impact both corporate and personal data and networks.

WHAT LESSON HAVE YOU LEARNED:

I found out that an acceptable use policy is also known as a fair use policy or terms of use. An AUP clearly
states what the user is and is not allowed to do with these resources. So I learned that every company
relies on technology to operate its business, and has employees who everyday use the company’s
computers, email, and internet access to perform their jobs. These should also be communicated with
others outside the company. That is why it is so important to have effective acceptable use policies
regarding their use of their computer, email, and internet.

WHAT SUGGESTIONS CAN YOU OFFER

 Have an understanding of what records and data are vital to the survival of your organization and
the internal and external forces that can affect them.
 Create policies that consider business assets, processes and employee access to files and data.
 Address employee-generated content, communication channels and connected devices.
 Evaluate security measures (physical and network-related) and potential solutions.
 Monitor and enforce policy via security technology and human oversight.
 Train employees to recognize risks and refrain from insecure behaviours.

SUBMITTED BY: JOCELYN LL. MIRANDA

BEED BLOCK 3