An AUP documents what employees are allowed to do with their organization’s technology resources. It extends beyond devices (such as laptops, tablets, and smartphones) and into network access and software usage, among other things.
Many AUPs contain gray areas when it comes to employees who bring their own device but still access corporate resources. When is it acceptable to limit device usage? Which services should be controlled by the organization, and which should the user be allowed to choose?
And, as we’ll find out, the 2019 index points out a variety of gaps in many acceptable use policies.
1. Mobile-Specific Content
Just over a quarter (27%) of policies fail to make reference to mobile-specific content.
This is risky because many apps require access to a smart device’s microphone, calendar, contacts, location, or camera and photo album.
Granting an app permission to use any of these features could give bad actors access to them, setting your business up for exploitation.
Nearly half (42%) of AUPs fail to address unapproved apps, such as using social media apps with personal accounts.
This area is tricky: while some companies may consider social media a waste of time, others believe that employees improve job performance through social media.
Beyond social media, other unapproved apps may expose users to malware and ransomware, whether they are apps from the public app stores or custom apps that fail to take the necessary security precautions.
3. Personal Use
Whether texting your girlfriend or calling to dispute a charge on your credit card bill, you’re potentially using a company device for personal usage.
Surprisingly, 42% of businesses don’t address using devices for personal matters in their AUP.
4. Unapproved Networks
Verizon’s reporting suggests that employees “let convenience take precedence over what they know is right” when it comes to accessing unapproved networks, “and they are prepared to risk the consequences.”
What users think is a public hotspot at their local coffee shop or the hotel they’re staying in could instead be a trap. The network may be set up to look legitimate, but that hotspot may instead be an open door for a potential hacker.
Always connect to a known, trusted, secure network when accessing work information on a device.
5. Extreme/Illegal Content
Amazingly, 43% of organizations’ AUPs don’t cover extreme or illegal content, such as: