Up to 95% of cyber incidents can be connected to user errors including incidents caused by improper use of networks and devices. One way to reduce user error and better control the use of your I.T. assets is to institute a robust Acceptable Use Policy.
An Acceptable Use Policy is a set of rules your users must follow when using your I.T. assets. This policy explains how users are allowed to use your I.T. assets such as your network, website, social media, and systems. The policy also should outline what use is not allowed and explain the consequences of breaking the rules. When creating your organization’s policy, include the following information.
EXPLANATION- Your policy should list activities that constitute both acceptable and unacceptable use. Explain each rule with further details and consequences for non-compliance.
PERSONAL USE- Is any personal use of your IT assets allowed? Can employees stream music or check the news while on your network or device? Ensure you define what personal use is prohibited and allowed.
TRAINING- No policy is effective unless users know and understand the rules. Require users to confirm they have read your policies before allowing access to your I.T. assets.
An Acceptable Use Policy is just one of the I.T. and Cybersecurity policies your organization should follow to reduce your cyber risk. If you would like to learn more about creating cybersecurity policies for your organization, contact the DIG Team through the Contact Us button or any of the contact information below.