Acceptable Use Policies Not Acceptable Enough

One would have thought that by now every company would have got the message that they need to have an effective and up-to-date acceptable use policy (AUP) in order to protect their interests from illegal or inappropriate Internet use by employees. Unfortunately that’s not the case. A recent survey carried out by Chronicle Solutions, a leading UK vendor of communications monitoring products, has revealed that 31% of British firms don’t have an AUP. And of the ones that did, only around one in twenty had read it recently. Only a third asked new hires to read, agree and sign it off. And 80% of respondents weren’t certain if there were penalties for breaching the policy. On top of that very few policies included IM and Web mail. And none addressed blogging.

These are serious failings which must be fixed quickly if employers and employees are to prepare themselves for the onslaught of the current revolution in social computing. We need an education drive to bring managers and employees up to speed. It also makes me wonder whether larger, more experienced organizations are being put at risk by smaller suppliers who may have little or no control over their employee’s behaviour. It wouldn’t be the first time that we’ve found that poorly supervised supply chains are the soft underbelly of our security defences.