Guidance on creating, implementing, and enforcing acceptable use policies that govern how employees and users interact with organizational technology resources. Covers policy templates, key provisions, enforcement strategies, and how AUPs reduce security risk.
posts
In 2023, a single employee at MGM Resorts used a corporate credential to respond to a social engineering call. The threat actor impersonated IT, gained access, and triggered a ransomware attack that cost the company over $100 million. The kicker? A well-enforced acceptable use policy — one that clearly defined how
In 2022, a single employee at Uber received a flood of multi-factor authentication push notifications, got frustrated, and approved one. That decision gave a teenage threat actor access to Uber's internal systems, Slack, and cloud infrastructure. An acceptable use policy cybersecurity framework — one that specifically addressed MFA fatigue
In December 2020, a SolarWinds employee reportedly used the password "solarwinds123" on a critical server. That single credential failure contributed to one of the most devastating supply chain breaches in modern history, compromising at least nine federal agencies and over 100 private companies. The root cause wasn'
The Policy Nobody Reads Until It's Too Late In December 2020, a SolarWinds employee reportedly used the password "solarwinds123" on a critical server — a credential so weak it became a punchline at Congressional hearings. But here's the question nobody asked loudly enough: did SolarWinds
The Policy Nobody Reads Until It's Too Late In 2023, a single employee at MGM Resorts called the help desk, and a threat actor used social engineering to gain access that led to a $100 million hit on operations. One phone call. No malware exploit. No zero-day vulnerability.
The Policy Gathering Dust in Your Shared Drive In 2023, the city of Dallas was hit by a Royal ransomware attack that crippled municipal services for weeks. Investigators traced the initial access back to a service account and poor access controls — exactly the kind of risk a well-enforced acceptable use
