Acceptable Use & Security Policy

1. Purpose

This policy establishes guidelines for the responsible and secure use of YourTEK-managed systems, networks, applications, and services. The objectives of this policy are to:

• Protect the confidentiality, integrity, and availability of Client data and systems
• Ensure compliance with applicable laws, regulations, and industry standards
• Define acceptable and prohibited uses of managed services
• Establish security requirements and best practices
• Outline responsibilities for incident reporting and response

2. Credentials & Access Control

2.1 Unique User Credentials

• Every user accessing YourTEK-managed systems must be assigned unique login credentials
• Generic, shared, or group accounts are not permitted for day-to-day operations
• Service accounts must be documented, have restricted access, and use strong authentication
• Credentials must never be written down, shared verbally, or transmitted via unencrypted channels

2.2 Multi-Factor Authentication (MFA)

MFA is required for:

• All administrative and privileged accounts
• Remote access (VPN, RDP, SSH)
• Cloud services (Microsoft 365, Azure, AWS, Google Workspace)
• Email access from outside the corporate network
• Any system containing sensitive or regulated data

Clients must implement MFA within thirty (30) days of onboarding or upon notice from YourTEK.

2.3 Password Requirements

• Minimum 14 characters for standard users, 16+ for administrators
• Combination of uppercase, lowercase, numbers, and special characters
• No dictionary words, personal information, or predictable patterns
• No password reuse across systems or from previous passwords
• Password managers are strongly recommended

3. Prohibited Activities

The following activities are strictly prohibited when using YourTEK-managed services:

3.1 Illegal Activities

• Violating any applicable local, state, federal, or international laws
• Transmitting, storing, or distributing illegal content
• Fraud, identity theft, or financial crimes
• Copyright infringement or intellectual property theft

3.2 Security Violations

• Attempting to access systems, accounts, or data without authorization
• Bypassing, disabling, or circumventing security controls
• Scanning, probing, or testing vulnerabilities of systems without authorization
• Installing unauthorized software, including malware, spyware, or cryptocurrency miners
• Sharing credentials or allowing unauthorized persons to use your access

3.3 Network Abuse

• Sending spam, phishing emails, or unsolicited bulk communications
• Launching denial-of-service (DoS) attacks or participating in botnets
• Operating unauthorized network services (proxies, VPNs, file sharing)
• Consuming excessive bandwidth that impacts other users or services

3.4 Content Violations

• Storing or transmitting obscene, defamatory, or threatening content
• Harassment, discrimination, or hostile communications
• Misrepresentation of identity or impersonation

4. Security Requirements

4.1 Endpoint Security

• All devices connecting to managed networks must have approved endpoint protection
• Operating systems and applications must be kept current with security patches
• Automatic updates should be enabled where supported
• Full-disk encryption is required for laptops and portable devices

4.2 Email Security

• Users must exercise caution with attachments and links from unknown senders
• Suspicious emails should be reported immediately to YourTEK or your IT contact
• Auto-forwarding to external email addresses is prohibited without approval
• Sensitive data must not be sent via unencrypted email

4.3 Data Protection

• Sensitive data must be classified and handled according to its classification
• Data must be stored only in approved, YourTEK-managed locations
• Personal devices should not store business-critical or regulated data unless approved
• Data exports and transfers must follow established procedures

4.4 Physical Security

• Devices must be physically secured when unattended
• Screen locks must activate after 5 minutes of inactivity (or less)
• Visitors must be escorted in secure areas
• Lost or stolen devices must be reported immediately

5. Monitoring & Privacy

Monitoring may include:

• Network traffic and firewall logs
• Authentication and access logs
• Email metadata and content (for security scanning)
• Endpoint security alerts and telemetry
• Application usage and performance metrics

Monitoring data is used solely for security, troubleshooting, and service delivery. It is handled in accordance with our Privacy Policy.

6. Incident Reporting

Immediate reporting is required for any suspected or confirmed security incident, including:

• Lost or stolen devices
• Suspected malware infection or ransomware
• Phishing attempts or suspected account compromise
• Unauthorized access to systems or data
• Data breaches or accidental data exposure
• Suspicious network activity or unusual system behavior

7. Enforcement

Violations of this AUP may result in:

• Warning: Notification of the violation and required corrective action
• Suspension: Temporary suspension of access or services
• Termination: Immediate termination of services for serious or repeated violations
• Legal Action: Referral to law enforcement or civil litigation where appropriate

Material breach of the credential sharing prohibition may result in immediate suspension or termination of services without prior warning, as specified in the Terms of Service.

8. Policy Updates

YourTEK may update this AUP from time to time to address new security threats, regulatory requirements, or service changes. Material changes will be communicated to clients via email at least thirty (30) days before they take effect. The current version is always available at this URL.