Acceptable Use of Technology

Home » Acceptable Use of Technology

Computer use is ubiquitous in state government and agencies. Having strong acceptable use policies can help protect against the significant security, privacy, and other threats to an organization. It is recommended that every organization have an acceptable use policy for computers, tablets, phones, and other mobile devices, whether they are owned by the organization or privately by the employees themselves and brought to work.

  • Sort employee roles into groups with similar computer use needs
    • Ex: social media access may be needed by marketing groups and thus require a more liberal policy, whereas other groups may have no relevant use for social media, of which its use will either be outside the scope of their work and be a potential security concern.
  • Assess whether employees need to download software
    • Ex: downloading software can be made off limits, or an approval process can be created where employees can request to download certain programs, which are first reviewed by IT and management.
  • Establish how you will limit access
    • This can be achieved with technical controls, such as blocking certain websites. Companies can rely on trusting employees to use their best judgement but need to remain aware of the risks of not limiting access.
    • Assess the severity of the violations including but not limited to: loss of productivity, security concerns, monetary damages
    • Determine how difficult it would be to set up the controls
  • Address the issue of social media directly
    • The acceptable use policy should explicitly address use of social media sites during work hours and at work.
      • Note, some employees may have a legitimate work need for social media, make exceptions based on the department and employee necessity.
  • Create an informative policy regarding acceptable social media and blog posts, both during and outside of work
    • Keep in mind employees have a first amendment right to post on social media sites and other sites
    • Employers are allowed to restrict posts regarding:
      • Private and sensitive information;
      • Proprietary information.
  • Establish appropriate repercussions for violating the policy
    • Ensure employees are aware of the repercussions.
  • Establish a training policy to ensure employees comprehend and follow the policy
    • Employees can only follow a policy if they have understand and comprehend the policy
  • Explain why the policy exists so employees will be more likely to abide by the policy
    • Tip: Tutorials that require active participation are a good strategy for policy comprehension