Company policies and procedures such as an internet usage policy, work from home policy, or endpoint security policy are excellent tools for providing your employees with an understanding of how they are expected to conduct themselves in your organization, but if they are not properly enforced your expectations will be forgotten or outright ignored.
When properly enforced, policies and procedures provide help keep your organization and users safe and productive. In this article, you will learn how to ensure compliance with policies and procedures. This article will use an internet acceptable usage policy as an example, but these principles apply to any policy or procedure you may implement.
Cybersecurity acceptable use policies (AUP) that address the acceptable use of technology in the workplace are designed to communicate how work devices are intended to be used. Company policies on technology usage have a number of intentions, including:
To effectively enforce your acceptable use policies, you first need to ensure that your users understand what is being asked of them. The policies need to be written with your audience in mind – the word choice for an internet acceptable use policy for employees is going to be conveyed far differently than a policy for young students or the general public.
An acceptable use policy is intended to set clear internet usage expectations for every user in your network. By focusing on the communication aspect of policy development you can work to create a workable AUP that clearly outlines how technology will be used in your organization.
Having acceptable use policies for workplace technology easily accessible on shared networks makes it easy for employees to refresh their knowledge on how they are expected to use company equipment.
Acceptable use policies are not intended to be a ‘set it and forget it’ measure – they’ll simply be forgotten or ignored that way. If you want your AUPs to be truly successful, you need to keep the content and intention of your policies fresh in the minds of your employees by making policy engagement a normal practice in your organization.
The sensitivity of the data that your organization handles and the related regulations that apply to it will heavily influence your policy awareness planning. Is your AUP a legally binding document intended to protect personal health information or is it a general policy in your employee handbook?
Corrective action is a necessary component of policy enforcement; a policy without enforcement is simply a hopeful thought that will ultimately be neglected. Do not create policies that you do not intend to enforce – the inconsistency of enforcement will lead to confusion and frustration among your employees.
If you’ve ensured your due diligence by clearly communicating the technology use expectations of your workplace, your employees should never feel surprised by your policy enforcement measures. By making policy awareness a priority, you can ensure that corrective action measures are an expected consequence when addressing an employee’s misuse of technology.
Depending on the sensitivity of the data and systems managed by your organization you will need to determine the degree of corrective actions.
Acceptable use policies that dictate the acceptable use of the internet in the workplace will often include details regarding the employer’s stance on employee productivity and the use of distracting websites during the workday. While it is not common for employees to be fired for occasional cyberloafing, actively engaging in time theft or doing things that are not safe for work is often grounds for dismissal.
Employee internet management software is essential for enforcing the acceptable use of the internet. It includes web filtering software for proactively blocking websites and employee computer monitoring software for insights into how employees are using technology in the workplace.
In terms of enforcing an AUP in cyber security, internet management software ensures that high-risk websites are not visited on managed computers.
Software for monitoring employee computer use will provide you with tangible insights into the effectiveness of your acceptable use policies. These tools will identify the employees that require further attention, providing the resources needed to ensure that the misuse of technology goes properly addressed.
internet monitoring software such as BrowseReporter tracks application and internet activities, allowing you to address workers that are using technology inappropriately.
Your employees will not agree with every policy and procedure they are expected to follow. That said, making a genuine effort to foster buy-in when developing a new policy for employees will make the enforcement of your policies significantly easier as they will be less motivated to be actively non-compliant with your expectations.
With an acceptable use policy that is understandable, accessible, reasonable, and backed up with industry-standard computer monitoring software, your organization will be better equipped to enforce the safe and respectable use of technology of your users.
The five tips above provide an excellent start for creating an environment where AUPs are respected and properly enforced, providing your organization with an added layer of security against cybersecurity threats and other vulnerabilities caused by the negligent use of technology.
If you have not yet developed your organization’s acceptable use of technology policies such as an internet policy or information technology policy, we’ve created one that you can use here.
Ready to get advanced insights into how your employees spend their time? Reach out to the CurrentWare team for a demo of BrowseReporter, CurrentWare’s employee and computer monitoring software.
Cookie | Duration | Description |
---|---|---|
__cfruid | session | Cloudflare sets this cookie to identify trusted web traffic. |
cookielawinfo-checkbox-advertisement | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category . |
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
JSESSIONID | session | The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application. |
LS_CSRF_TOKEN | session | Cloudflare sets this cookie to track users’ activities across multiple websites. It expires once the browser is closed. |
OptanonConsent | 1 year | OneTrust sets this cookie to store details about the site's cookie category and check whether visitors have given or withdrawn consent from the use of each category. |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
Cookie | Duration | Description |
---|---|---|
__cf_bm | 30 minutes | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. |
_zcsr_tmp | session | Zoho sets this cookie for the login function on the website. |
Cookie | Duration | Description |
---|---|---|
_calendly_session | 21 days | Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar. |
_gaexp | 2 months 11 days 7 hours 3 minutes | Google Analytics installs this cookie to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in. |
Cookie | Duration | Description |
---|---|---|
_ga | 2 years | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. |
_ga_GY6RPLBZG0 | 2 years | This cookie is installed by Google Analytics. |
_gcl_au | 3 months | Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services. |
_gid | 1 day | Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. |
CONSENT | 2 years | YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data. |
Cookie | Duration | Description |
---|---|---|
_opt_expid | past | Set by Google Analytics, this cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that is being redirected. |
IDE | 1 year 24 days | Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile. |
NID | 6 months | NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads. |
test_cookie | 15 minutes | The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies. |
VISITOR_INFO1_LIVE | 5 months 27 days | A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface. |
YSC | session | YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages. |
yt-remote-connected-devices | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt-remote-device-id | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt.innertube::nextId | never | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
yt.innertube::requests | never | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
Cookie | Duration | Description |
---|---|---|
_dc_gtm_UA-6494714-6 | 1 minute | No description |
_gaexp_rc | past | No description available. |
34f6831605 | session | No description |
383aeadb58 | session | No description available. |
663a60c55d | session | No description available. |
6e4b8efee4 | session | No description available. |
c72887300d | session | No description available. |
cookielawinfo-checkbox-tracking | 1 year | No description |
crmcsr | session | No description available. |
currentware-_zldp | 2 years | No description |
currentware-_zldt | 1 day | No description |
et_pb_ab_view_page_26104 | session | No description |
gaclientid | 1 month | No description |
gclid | 1 month | No description |
handl_ip | 1 month | No description available. |
handl_landing_page | 1 month | No description available. |
handl_original_ref | 1 month | No description available. |
handl_ref | 1 month | No description available. |
handl_ref_domain | 1 month | No description |
handl_url | 1 month | No description available. |
handl_url_base | 1 month | No description |
handlID | 1 month | No description |
HandLtestDomainName | session | No description |
HandLtestDomainNameServer | 1 day | No description |
isiframeenabled | 1 day | No description available. |
m | 2 years | No description available. |
nitroCachedPage | session | No description |
organic_source | 1 month | No description |
organic_source_str | 1 month | No description |
traffic_source | 1 month | No description available. |
uesign | 1 month | No description |
user_agent | 1 month | No description available. |
ZCAMPAIGN_CSRF_TOKEN | session | No description available. |
zld685336000000002056state | 5 minutes | No description |