Here are some things to think about when it comes to creating an acceptable use policy for business-issued devices.
If you’ve decided to issue devices to your employees, like laptops and work phones, it’s a good idea to have policies in place to make sure they’re used appropriately and to prevent cybersecurity risks. Here are some helpful things to consider when creating your acceptable use policy for employees (AUP):
Rules for what your employees can and can’t do with the devices
Your employees need to know what they can and can’t use the devices for. So, it’s important to set rules and be clear which devices the policy applies to such as business-issued laptops, mobile phones and tablets. Decide what your employees are allowed to do with the devices like using them for work-related tasks only, and what they can’t do such as visiting inappropriate websites or downloading unauthorised software. Teach your employees how to follow the policy and how to use the devices safely and securely - this could include using strong passwords and reporting any lost or stolen devices straight away.
Bring Your Own Device (BYOD) policy
If you want to give your employees the flexibility of working from anywhere by using their personal devices for work, then you’ll need a Bring Your Own Device (BYOD) policy.
What happens if they break the rules of the policy
You’ll also need to make sure that your employees understand what will happen if they break the rules. The consequences could include disciplinary action, or the device being taken away from them. Remember that it’s your responsibility as the employer to make sure every individual is aware of and realises what will happen if rules are broken. So it's helpful to use simple language, be specific throughout your policy and get employees to sign a document saying they’ve received and understood it.
Protecting your business legally
An easy-to-understand acceptable use policy benefits and protects both your business and your employees. Any information or data shared digitally comes with certain security risks. This is called cyber liability and basically means there are risks involved when a business uses technology or stores data that makes it vulnerable to cyber-attacks and data breaches. Having the policy in place not only helps prevent these things happening in the first place but can also help you legally protect your business should a mistake or breach of security ever happen because it shows that you take your cyber responsibilities seriously and have taken steps to reduce risk.
Keeping your policy updated
Because technology and security issues are always changing it’s sensible to review your policy regularly, otherwise you might find that it isn’t effective when you need it.
It’s also worth making sure your policy is also up to date with technology and data security laws and regulations which can change over time. And finally, remember to let your employees know about any updates or changes to the policy and confirm they understand all of the procedures they need to follow to help keep themselves and the business safe and secure.
Every AUP will be unique, so these are important things to consider to ensure that yours is written to support your particular business.
For more support discover our free business support helpline and speak to one of our Business Advisers by phone, contact form or web chat.
Wondering what you can ask? Our team can help with a range of digital topics