Thinking back on my first office job, I recall my supervisor going to great lengths to explain to me that the company phone was for business use only, and that if I was caught making personal calls I would be warned, written up and then fired. At that time nobody referred to this edict as an "Acceptable Use Policy." In fact, it was more along the lines of a "Call Your Buddies and You're Outta Here Policy."
When blogs gained traction, more companies became concerned with acceptable use. And now that social media rules the day, AUPs have become more the rule than the exception. In fact, if your company doesn't have an AUP in place, you'd be well advised to develop one, pronto. And even if you have such a policy, with the advent of social media, now's a great time to update your rules regarding acceptable use.
Social media communications are interactive, difficult to retract and occur in real time. If they aren't monitored or managed, they can increase your company's liability or damage its reputation. So the proper care and feeding of your AUP, including an updated social media component, is critical.
M86 Security, an Orange, Calif.-based company specializing in real-time Web and e-mail threat protection, offers these tips to make sure your Acceptable Use Policy is social media-proof:
- If you already have an AUP in place, update it to include social media concerns.
- Part of that update should include expanding your current e-mail communications policy to all Internet users within the company. Implement unacceptable language and image filters, and for global organizations, take into consideration any local customs, colloquialisms or phrases.
- Limit access to well-known social media sites or list only sites that pertain to your company.
- Encourage employees to create two networks -- one work-related and one personal -- and then limit access to personal networks to lunchtime or after hours. Allow open access to work-related networks.
- Review privacy settings on social media sites that feature your corporate profile.
- Outline the level of social network activity that is acceptable to your company. Allow some employees to post only to the corporate profile. Allow view-only access to employees except during limited times at some stage of the day.
- Limit the ability to install plug-ins for games and other embedded features on social networks. Unmonitored use of these features can impact network security -- not to mention employee productivity.