New media has changed the way businesses use the Internet. While organizations have previously been using the Internet solely as a tool for publishing information, social media, cloud computing, and a host of other services have resulted in users gaining access to resources, and possibly engaging in unwarranted activities online.
Technologies are open to abuse. Businesses are increasingly allowing employees to bring their own devices to connect with the office network. Even work-related activities can sometimes cross the line toward personal. For instance, while businesses are now using social media like microblogging services and social networks, employees who are directly responsible might use these inappropriately.
As such, there is a need to define the rules. Acceptable Use Policies have traditionally included rules on telephone use and Internet access. But with the changing information landscape, there is a need to implement rules that are both fair and practical, noting that rules that are too strict can stifle innovation and productivity.
Here are a few basic ideals.
Flexible and adaptable. AUPs are usually incorporated into employment agreements, but these are often static. Organizations need to be agile, and should be able to adjust according to changing trends. Organizations should be able to change their AUPs as the need arises, especially when there are new technologies that could be threats to productivity.
But aside from just viewing the Internet as a threat, organizations can adopt to changing perspectives. For instance, social media like YouTube and Facebook were once considered wastes of time and resources in the workplace. Today, though, businesses are increasingly using these tools for marketing, brand awareness and engaging with customers.
Enforceable and actionable. An AUP is only as good as how your IT department can enforce it. As such, rules that are impossible to enforce would only be easy to circumvent. Also, an organization will need to implement monitoring tools that enable IT staff to adequately screen usage that is not within the policy. Also, the AUP should be enforced in a fair manner, which would encourage users to positively adhere to the rules, rather than users trying to covertly go around it. Also, the rules should apply to everyone, including senior-level staff and managers, and even the IT department.
Visible and available. Your AUP is only good if people are aware of the rules, and which actions they can do or not do. As such, any breaches in the acceptable use policy should result in a notification through trackable channels, such as email. It would also be good to remind users of the acceptable use policies on a regular basis. For example, you can set the office firewall to display the policies the first time a user accesses the Web in the morning. Given that most users would probably just scroll down and click “OK” or “Accept,” you can provide a short outline, which can catch users’ attention better. It’s also a good idea to indicate that the AUP is being enforced for both the users’ and the organization’s protection, such as preventing viruses and other malware from infiltrating the system.
Organizational support. Even if an IT department can implement and enforce an AUP, it would be of no use if the entire organization does not support it. As such, policies should have the support of key organization personnel, including the management team and the human resources department. This way, whatever sanctions that need to be enforced can be done with full support of the people responsible for handling employees and employee concerns. Otherwise, the AUP would only be a policy on paper, but would be difficult to enforce if management is not keen on implementing it.
AUPs should be viewed in a positive light, rather than as a restrictive set of rules that users might learn to shun. Different organizations will have different requirements, and management would have to tailor-fit these according to their needs.