7 Points Your Acceptable Use Policy Must Address

What do you need in an acceptable use policy?

Have you ever participated in an office lottery pool using a mobile device? 

Did you know that such a pool is technically illegal? 

You might not have, given the lack of comprehensive acceptable use policies. 

In fact, only 19% of businesses reported having a comprehensive AUP, according to the Verizon Mobile Security Index 2019—less than half (45%) have one at all.

What Is An Acceptable Use Policy? 

An AUP documents what employees are allowed to do with their organization’s technology resources. It extends beyond devices (such as laptops, tablets, and smartphones) and into network access and software usage, among other things.

Many AUPs contain gray areas when it comes to employees who bring their own device but still access their corporate resources. When is it acceptable to limit device usage? Which services should be controlled by the organization and which should the user allowed to have choice?

And, as we’ll find out, the 2019 index points out a variety of gaps in many acceptable use policies. 


1. Mobile-Specific Content

Just over a quarter (27%) of policies fail to make reference to mobile-specific content. 

This is risky because many apps require access to a smart device’s microphone, calendar, contacts, location, or camera and photo album. 

Granting permission to any of these features could give access to bad actors, setting your business up for exploitation.

Do your employees know how to keep your data secure? Help raise security awareness with our free guide! 

2. Unapproved Apps

Nearly half (42%) of AUPs fail to address unapproved apps, such as using social media apps with personal accounts. 

This area is tricky: while some companies may consider social media a waste of time, others believe that employees improve job performance social media. 

Beyond social media, other unapproved apps may open up users to malware and ransomware from apps in the public app stores, as well as custom apps that fail to take the necessary security precautions.


3. Personal Use

Whether texting your girlfriend or calling to dispute a charge on your credit card bill, you’re potentially using a company device for personal usage. 

Surprisingly, 42% of businesses don’t address using devices for personal matters in their AUP. 


4. Unapproved Networks

Verizon’s reporting suggests that employees “let convenience take precedence over what they know is right” when it comes to accessing unapproved networks, “and they are prepared to risk the consequences.”

What users think is a public hotspot at their local coffee shop or hotel they’re staying in could instead be a trap. The network may be set up to look legitimate, but that hotspot may instead be an open door to a potential hacker. 

Always connect to a known, trusted, secure network when accessing work information on a device.


5. Extreme/Illegal Content

Amazingly, 43% of organizations’ AUPs don’t cover extreme or illegal content, such as:

  • Hate speech
  • Child abuse and child pornography
  • Cyberbullying
  • Illegal streaming
  • Accessing some deep web content

These must be included in the policy. 


6. Adult Content

Think of four of your coworkers.

Odds are that 3 in 5 of you have consumed adult content while at work (even if by accident). 

That’s right: 59% of people have viewed porn at work, according to Sugarcookie

And 46% of AUPs don’t cover it. 

Be sure to include adult content in your organization's acceptable use policy. 


7. Gambling

Finally, 53% of AUPs leave out gambling. 

This could include activities such as office lottery pools and even March Madness. 

When compiling an acceptable use policy for your organization, please consider including these seven points. 

Alternatively, contact Integrity today to help you craft an AUP for your business. 

Download Our Security Awareness Guide

Read On