Acceptable Use
Introduction
Our customers (consumers and businesses) trust us, and they expect us to protect the data and resources they've shared with us. Part of how we'll uphold that trust is through pre-established policies so we don't need to make key decisions in critical moments. Below, we explain the sections of our acceptable use policy: what each protects against, why a customer may care, and why we think each is important. We don't mean for the Acceptable Use Policy to intimidate, but we do aim for it to be clear.
General Use and Ownership
This section explains policy around separating work activities from personal activities as much as possible. Understand that the systems you use for work, including a company-provided laptop, have a much lower expectation of privacy than systems you own.
You must limit the personal use of company-provided devices as much as possible and remember that corporate devices are not your personal property. Our policies are strict so that we do not have to make judgment calls on a case-by-case basis in high-stress situations.
You may use your company devices for reasonable personal use, but remember that company devices are not yours because:
- If the company is sued, all its devices are subject to discovery, which means opposing counsel will have access to your data and information and it will be subject to legal review.
- When we troubleshoot our systems, company administrators will have access to your information and data.
- We may terminate a Team Member, which may include giving another Team Member access to the terminated Team Member's devices and accounts, including all information and data on those accounts.
- If we are breached, outside investigators will likely inspect all use of an account and/or device, no matter its purpose.
Security and Proprietary Information: This section describes behaviors the company expects of you, including password hygiene and the use of multi-factor authentication.
Acceptable Use: The first part of this section details the consequences for malicious, negligent, and/or delinquent behavior. Do not intentionally harm others or break laws. The section's second part emphasizes that your employment by WeSalute does not make you one of our public representatives. Instead, public communication and brand are controlled centrally at WeSalute. While email and social media are mentioned specifically, please be conservative overall in how you represent yourself as a Team Member.
Policy Compliance: This section details the SystemsOps Team's role in measuring, enforcing, and making exceptions to the information policy, and the potential consequences for policy violations.
Overview
WeSalute's intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to WeSalute's established culture of openness, trust, and integrity. Instead, the SystemsOps Team is committed to protecting WeSalute's Team Members, partners, customers, and WeSalute from illegal or damaging actions by individuals, either knowingly or unknowingly. Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, WWW browsing, and FTP, are the property of WeSalute.
Our systems are to be used for business purposes in serving the interests of WeSalute, and of our clients and customers in the course of normal operations. Effective security is an organizational effort involving the participation and support of every Team Member and affiliate who deals with WeSalute information and/or information systems. It is your responsibility as a Team Member to know these guidelines and to conduct your activities accordingly.
Purpose
The purpose of this policy is to outline the acceptable use of devices at WeSalute. These policies are in place to protect you and WeSalute. Inappropriate use exposes WeSalute to risks including virus attacks, compromise of network systems and services, and legal issues.
Scope
This policy applies to the use of information, electronic and computing devices, and network resources to conduct business or interact with internal networks and business systems, whether owned or leased by WeSalute, the Team Member, or a third party. All Team Members, contractors, consultants, temporary and other workers at WeSalute and its subsidiaries are responsible for exercising good judgment regarding the appropriate use of information, electronic devices, and network resources in accordance with policies and standards, and local laws and regulations. Exceptions to this policy are documented in the section Exceptions under Policy Compliance. This policy applies to Team Members, contractors, consultants, temporaries, and other workers at WeSalute, including WeSalute-affiliated personnel employed with third parties. This policy applies to all equipment that is owned or leased by WeSalute.
Policy
General Use and Ownership
- Proprietary information stored on electronic and computing devices, whether owned or leased by WeSalute, the Team Member, or a third party, remains the sole property of WeSalute. You must ensure through legal or technical means that proprietary information is protected in accordance with the Data Protection Policy.
- You have a responsibility to promptly report the theft, loss, or unauthorized disclosure of proprietary information.
- You may access, use, or share proprietary information only to the extent it is authorized and necessary to fulfill your assigned job duties.
- For security and network maintenance purposes, authorized Team Members within WeSalute may monitor equipment, systems, and network traffic at any time, per WeSalute's auditing practices, details of which are documented in relevant technology and security-related policies.
- WeSalute reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy.
Security and Proprietary Information
- All mobile and computing devices that connect to the internal network must comply with the Workstation & Asset Management Policies.
- Providing direct access to another individual to proprietary information, either deliberately or through failure to keep access secure, is prohibited.
- Postings by Team Members from an email address to public digital content networks (e.g. newsgroups, social networks, forums, newsletters, or chats) should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of WeSalute, unless usage is in the course of business duties.
- You must use extreme caution when opening e-mail attachments received from unknown senders, which may contain malware.
- You must use multi-factor authentication to authenticate to corporate accounts whenever available.
- You must use our 1Password password manager to avoid insecure or shared passwords with accounts.
- You must encrypt your devices if asked, and must not interfere with or otherwise reduce the level of encryption on your devices.
- You must install OS updates on your devices if asked or prompted by notifications. You should also be proactive about applying OS updates to your devices.
- You must use antivirus software to protect the integrity and confidentiality of your laptops if asked, and must not interfere with or otherwise prohibit antivirus activities on your devices.
Unacceptable Use
The following activities are, in general, prohibited. Team Members may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g., SystemsOps may have a need to disable the network access of a host if that host is disrupting production services).
Under no circumstances is a Team Member authorized to engage in any activity that is illegal under local, state, federal, or international law while utilizing WeSalute-owned resources. The lists below are by no means exhaustive, but attempt to provide a framework for activities which fall into the category of unacceptable use.
System and Network Activities
The following activities are strictly prohibited, with no exceptions:
- Your violation of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by the company.
- Your unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books, or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which the end-user does not have an active license is strictly prohibited.
- Your exporting of software, technical information, encryption software or technology, in violation of international or regional export control laws, is illegal. You must consult WeSalute LegalOps prior to the export of any material that is in question.
- Your introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).
- Revealing your account password to others or allowing the use of your account by others. This includes your family and other household members when work is being done at home.
- Your use of a company device to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workspace laws.
- Making fraudulent offers of products, items, or services originating from any account.
- Making statements about warranty, expressly or implied, unless it is a part of normal job duties.
- Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which you are not an intended recipient or logging into a server or account that you are not expressly authorized to access, unless these duties are within the scope of your regular duties. For purposes of this section, "disruption" includes, but is not limited to, network sniffing, ping floods, packet spoofing, denial of service, and forged routing information for malicious purposes. WeSalute Security Team Members providing pre-planned penetration testing and vulnerability scans on corporate networks, infrastructure and end user devices are exempt from this due to the nature of their job duties.
- Port scanning or any security scanning is expressly prohibited unless the WeSalute Security Team is notified in advance. WeSalute Security Team Members providing pre-planned penetration testing and vulnerability scans on corporate networks, infrastructure and end user devices are exempt from this due to the nature of their job duties.
- Executing any form of network monitoring which will intercept data not intended for the Team Member's host, unless this activity is a part of your normal job/duty. WeSalute Security Team Members providing pre-planned penetration testing and vulnerability scans on corporate networks, infrastructure, and end-user devices are exempt from this due to the nature of their job duties.
- Circumvention of user authentication or security of any host, network, or account. WeSalute Security Team Members providing pre-planned penetration testing and vulnerability scans on corporate networks, infrastructure, and end-user devices are exempt from this due to the nature of their job duties.
- Introduction of honeypots, honeynets, or similar technology on the network.
- Interfering with or denying service to any user other than your host (for example, distributed denial of service (DDoS) attack).
- Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a terminal session, via any means, locally or via the Internet/Intranet/Extranet.
- Providing information about, or lists of, Team Members to parties outside WeSalute.
Email and Communication Activities
When using company resources to access and use the Internet, you represent WeSalute. Whenever you state an affiliation to WeSalute, you must also clearly indicate that "the opinions expressed are my own and not necessarily those of WeSalute." Questions may be addressed to ExecutiveOps.
All email accounts for Team Members are provisioned using the firstName.lastName@wesalute.com naming convention. Even if your email is not in this format, it is aliased to this email address and works to receive email.
Blogging and Social Media
The following activities are strictly prohibited, with no exceptions:
- Unauthorized blogging or social media posts whether using WeSalute's property and systems or personal computer systems.
- Revealing any confidential or proprietary information, trade secrets or any other material covered by WeSalute's Data Protection Policy when engaged in blogging or social media posts.
- Any blogging or social media posts that may harm or tarnish the image, reputation and/or goodwill of WeSalute and/or any of its Team Members. Team Members are also prohibited from making any discriminatory, disparaging, defamatory or harassing comments when blogging or posting or otherwise engaging in any conduct prohibited by WeSalute's Code of Conduct.
- Team Members may also not attribute personal statements, opinions or beliefs to WeSalute when engaged in blogging or in social media posts. If a Team Member is expressing his or her beliefs and/or opinions in blogs or posts, the Team Member may not, expressly or implicitly, represent themselves as a Team Member or representative of WeSalute. Team Members assume any and all risk associated with blogging or posts.
- Apart from following all laws pertaining to the handling and disclosure of copyrighted or export controlled materials, WeSalute's trademarks, logos and any other intellectual property may also not be used in connection with any unauthorized blogging or social media posts.
Policy Compliance
Compliance Measurement
SystemsOps will verify compliance with this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback to the policy owner.
Definitions and Terms
The following definitions and terms can be found in the SANS Glossary.
- Blogging
- Honeypot
- Honeynet
- Proprietary Information
- Spam
Policy Review, Disciplinary, & Responsibility
Disciplinary and Non-Compliance
Any Team Member found to have violated this policy may be subject to disciplinary action, up to and including termination of WeSalute employment.
Responsibility
SystemsOps is responsible for ensuring the TASSA policy is followed.
This Policy currently does not have the required policy footer content standard on WeSalute Policies. This may be intentional by the nature of the content.