Have you ever participated in an office lottery pool using a mobile device?
Did you know that such a pool is technically illegal?
You might not have, given the lack of comprehensive acceptable use policies.
In fact, only 19% of businesses reported having a comprehensive AUP, according to the Verizon Mobile Security Index 2019—less than half (45%) have one at all.
An AUP documents what employees are allowed to do with their organization’s technology resources. It extends beyond devices (such as laptops, tablets, and smartphones) and into network access and software usage, among other things.
Many AUPs contain gray areas when it comes to employees who bring their own device but still access their corporate resources. When is it acceptable to limit device usage? Which services should be controlled by the organization and which should the user allowed to have choice?
And, as we’ll find out, the 2019 index points out a variety of gaps in many acceptable use policies.
Just over a quarter (27%) of policies fail to make reference to mobile-specific content.
This is risky because many apps require access to a smart device’s microphone, calendar, contacts, location, or camera and photo album.
Granting permission to any of these features could give access to bad actors, setting your business up for exploitation.
Nearly half (42%) of AUPs fail to address unapproved apps, such as using social media apps with personal accounts.
This area is tricky: while some companies may consider social media a waste of time, others believe that employees improve job performance social media.
Beyond social media, other unapproved apps may open up users to malware and ransomware from apps in the public app stores, as well as custom apps that fail to take the necessary security precautions.
Whether texting your girlfriend or calling to dispute a charge on your credit card bill, you’re potentially using a company device for personal usage.
Surprisingly, 42% of businesses don’t address using devices for personal matters in their AUP.
Verizon’s reporting suggests that employees “let convenience take precedence over what they know is right” when it comes to accessing unapproved networks, “and they are prepared to risk the consequences.”
What users think is a public hotspot at their local coffee shop or hotel they’re staying in could instead be a trap. The network may be set up to look legitimate, but that hotspot may instead be an open door to a potential hacker.
Always connect to a known, trusted, secure network when accessing work information on a device.
Amazingly, 43% of organizations’ AUPs don’t cover extreme or illegal content, such as:
These must be included in the policy.
Think of four of your coworkers.
Odds are that 3 in 5 of you have consumed adult content while at work (even if by accident).
That’s right: 59% of people have viewed porn at work, according to Sugarcookie.
And 46% of AUPs don’t cover it.
Be sure to include adult content in your organization's acceptable use policy.
Finally, 53% of AUPs leave out gambling.
This could include activities such as office lottery pools and even March Madness.
When compiling an acceptable use policy for your organization, please consider including these seven points.
Alternatively, contact Integrity today to help you craft an AUP for your business.
