Your office provides you many perks as an employee. There’s a computer for you to use—often at the office and at home. There’s a phone. There’s an email system. There’s a server where you can not only access shared internal documents, but you can save files there, as well. There’s stable Wi-Fi, new software, and an endless supply of coffee. It’s everything you have ever dreamed!
When using these resources, it’s important to be mindful of your organization’s Acceptable Use policies and procedures. These policies are intended to protect you and the company’s assets from security threats, such as malware attacks and network security vulnerabilities, as well as from potential lawsuits and fines. They also ensure that everyone within the organization is using company resources responsibly, and for business purposes.
While your company is likely to have a specific Acceptable Use policy for you to review and follow, below are some best practices common to most policies.
When you started your job, you were given certain communication tools to help you perform your job better and easier. One of those tools was a company email address. This email address should only be used for professional purposes. Sending non-business related emails from your work email, on a work computer or device, or even on our network violates most company policies.
Some other considerations for email use:
- Avoiding sending “spam” (unsolicited, non-business e-mails) messages using your business email account or work-issued mobile device.
- Do not use your business email account for purposes other than those specifically related to your work duties.
- Be careful when giving out your work email in order to reduce the risk of malware attacks and social engineering.
In addition to an email address, you may have also been given a mobile device or access to your company’s instant messaging program. Like your work email account, these should only be used for work matters, or emergencies should they arise.
It goes without saying that the Internet is an incredible tool for most of us during our everyday work lives. It allows us to quickly find answers, find people, and it connects us to other services. However, it can also be a time suck when employees use the Internet for, well, non-work purposes. While these instances may seem harmless, they can actually add up quite significantly. Careless web surfing can also expose our devices, and our networks, to attacks and intruders.
Below are some considerations for acceptable Internet use:
- Only access appropriate websites. Just because a site isn’t explicitly blocked does not mean it is appropriate.
- Do not use the Internet for purposes that extend beyond your work responsibilities.
- Do not install browser helpers, toolbar add-ons, smiley icons, or news aggregators. Many of these add-ons contain spyware that sends your Internet use statistics to a third party and could compromise security.
Whether it’s a work-issued laptop, the latest image software or copyrighted material owned by your company, you’re responsible for protecting the security of company devices, software, and systems at all times.
Below are some considerations for protecting company resources:
- Understand that unauthorized copying, downloading, distribution, or installation of any copyrighted material on your network or devices is often strictly prohibited and could even result in legal action.
- Using software owned by your organization or your network for purposes other than those necessary to fulfill your job responsibilities is not acceptable.
- You are responsible for protecting the security of corporate systems. That means you should always log out of shared systems and take precautions to protect all of our information—like turning off your computer at the end of every workday.
Of course, it’s worth noting that this doesn’t just apply to software or devices, but also to confidential and propriety information, as well as any nonpublic information trusted to us by employees, customers, and business partners. Your company entrusts you with all kinds of resources and material. It’s your job to protect them and to keep them secure.
Remember, Acceptable Use policies and procedures apply to everyone, and it’s your responsibility to know and follow them. While the best practices outlined above will help keep you in the clear, it’s always best to seek out your organization’s official Acceptable Use to better understand your role in corporate security.