EMPLOYEE ACCEPTABLE USE POLICY

Employee Acceptable Use Policy

Employee Acceptable Use Policy

Introduction

When it comes to enforcing the security of organizational information resources, users are increasingly seen as the weakest link in the chain. Indeed, many organizations now view internal security threats to be a far more pressing issue than external threats such as hackers, viruses or natural disasters. As the internal threat is often the result of poor security practices, on the part of the user, it can be argued that increasing user awareness, particularly with regard to what behaviors are accept- able and unacceptable, should greatly help to nullify the internal threat. Against this backdrop, the acceptable use policy has been promoted as an organization's key defense against the internal threat. (Johnson, 2000)

Although the Internet provides organizations with numerous business benefits, argues persuasively that it also provides employees with access to the world's largest play ground, in which they can waste time gambling, shopping, chatting, or simply browsing. Although the Internet is the most obvious computer resource upon which employees might waste time by engaging in cyber loafing (Lim, 2002), it is not the only one, as unproductive behaviors, such as game playing, can also be witnessed on the stand-alone PC. However, it has been argued that not all forms of cyber loafing are intrinsically harmful to the host organization, particularly if they help reduce employees tress and burnout. Consequently, a key aim of the AUP is to clearly articulate, to users, which behaviors are deemed to be appropriate and what is in appropriate behavior, with respect to their use of corporate IT resources.

Discussion

Many very serious external threats such as Trojans, hackers, worms or viruses can be facilitated through naïve or sloppy user behavior, such as poor choice of passwords, sharing passwords or the injudicious clicking on web links or opening of attachments in emails from unknown senders. Consequently, in addition to clarifying the organization's position with regard to the use of its computers, it was suggested that the AUP should also aim to minimize security threats, by promoting user aware- ness and good security practices. In most countries, organizations also have a legal obligation to take all reasonable steps to ensure that their employees can work in an environment that is free from all forms of harassment and discrimination. Unfortunately, there is significant evidence to suggest that many employees have been tempted to behave inappropriately or illegally, in their use of information systems. For example, in cases in which employees have been found to have used corporate information technologies to harass, discriminate, defame, act obscenely or breach copyright, then legal cases have successfully been brought against the employer. Consequently, highlights the important role that the AUP should also play in minimizing the threat of litigation that organizations face, by making it clear to employees exactly what type of behaviors are absolutely unacceptable, because they might result in a costly law suit.

Not only is it important that the AUP fulfils each of this broad roles and objectives, it is essential that the ...