All organizations should be concerned with how their employees interact with corporate resources and potentially sensitive data. By establishing and enforcing clear rules and guidelines, companies have a leg to stand on if a careless or malicious employee harms the network or the data contained in your environment.

An acceptable use policy is a document that sets ground rules for your employees factoring in your unique mission, vision, risk appetite, workflows, and technical assets. The importance of building a custom acceptable use policy that can be easily disseminated, understood, and followed cannot be understated. Your organization needs an acceptable use policy for these reasons:

  • To establish a protocol to guide employee behavior when handling your network assets and potentially sensitive data.
  • To help organizations mitigate risks caused by employees.
  • To set forth sanctions for employees whose behavior falls outside stated guidelines.
  • To ensure uniform behavior across all departments.

Acceptable use policies also deal with new security concerns that didn’t exist years ago such as mobile device management and bring-your-own-device (BYOD).