Acceptable Use Policy

1. Purpose & Scope

1.1 Policy Purpose

This Acceptable Use Policy ("AUP") governs your use of Mainstream Technology Group's managed security services, IT infrastructure, and support systems. This policy ensures the security, reliability, and legal compliance of our services for all clients.

1.2 Who This Applies To

This policy applies to:

• All clients using our managed security services
• Client employees, contractors, and authorized users
• Anyone accessing systems we manage or protect
• Third parties granted access through client authorization

1.3 Agreement to Terms

By using our services, you agree to comply with this AUP. Violation of this policy may result in service suspension, termination, or legal action as outlined in Section 5.

2. Prohibited Activities

2.1 Illegal Activities

You may not use our services for any illegal purpose, including but not limited to:

• Violation of any federal, state, or local laws
• Copyright, trademark, or intellectual property infringement
• Distribution of illegal content or materials
• Fraud, identity theft, or financial crimes
• Child exploitation or related activities
• Drug trafficking or illegal substance distribution

2.2 Security Violations

The following activities are strictly prohibited:

• Attempting to bypass or disable security controls we've implemented
• Intentionally introducing malware, viruses, or malicious code
• Unauthorized access attempts to other systems or networks
• Port scanning, vulnerability scanning, or penetration testing without written authorization
• Denial of service attacks or network flooding
• Packet sniffing or network traffic interception
• Sharing credentials or providing unauthorized access

2.3 Abusive Behavior

Prohibited abusive activities include:

• Harassment, threats, or intimidation of any person
• Sending unsolicited bulk email (spam)
• Phishing attempts or social engineering attacks
• Distribution of hate speech or violent content
• Impersonation of another person or entity

2.4 Resource Abuse

You may not:

• Use excessive bandwidth, storage, or computing resources that impact other clients
• Run cryptocurrency mining operations on managed systems
• Operate file sharing services without authorization
• Host public-facing services without proper security approval
• Use our services to provide services to third parties without written agreement

2.5 Data Violations

Prohibited data-related activities:

• Storing or processing data in violation of applicable laws (HIPAA, PCI DSS, GDPR, etc.)
• Unauthorized collection, use, or disclosure of personal information
• Exfiltration of data from systems we protect
• Improper disposal of sensitive data
• Sharing regulated data with unauthorized parties

3. Security Requirements

3.1 User Responsibilities

All users must:

• Use strong, unique passwords and enable two-step login when available
• Protect credentials and never share login information
• Report suspected security incidents immediately
• Keep devices updated with security patches
• Follow security awareness training guidelines
• Use approved software and applications only

3.2 Device Security

Devices accessing our managed systems must:

• Run approved, up-to-date operating systems
• Have security software installed and active
• Be encrypted when storing sensitive data
• Not be jailbroken or rooted
• Comply with our device security standards

3.3 Network Security

When using our managed networks:

• Do not connect unauthorized devices without approval
• Use approved VPN connections when accessing remotely
• Do not create unauthorized wireless access points
• Report suspicious network activity immediately
• Follow network segmentation policies

3.4 Application Use

Software and application requirements:

• Only install approved business applications
• Do not disable or uninstall security software
• Avoid downloading software from untrusted sources
• Request security review before installing new applications
• Use licensed software only - no pirated applications

4. Monitoring & Enforcement

4.1 Monitoring Activities

To ensure security and compliance, we monitor:

• Network traffic for security threats and anomalies
• System logs for suspicious activity
• Security alert systems for potential incidents
• Compliance with security policies
• Resource utilization and performance

Privacy Note: We do not monitor the content of your business communications or files. Our monitoring focuses solely on security, performance, and compliance indicators.

4.2 Investigation Rights

We reserve the right to investigate suspected policy violations, which may include:

• Reviewing system logs and security alerts
• Analyzing network traffic patterns
• Examining file metadata (not content) when necessary
• Coordinating with law enforcement when legally required

4.3 Cooperation Requirements

Clients must cooperate with security investigations by:

• Responding promptly to security inquiries
• Providing access to affected systems when requested
• Assisting with incident response activities
• Taking corrective actions as recommended

5. Violations & Consequences

5.1 Minor Violations

First-time or minor violations may result in:

• Written warning and policy education
• Temporary restriction of specific capabilities
• Required security training
• Enhanced monitoring of activities

5.2 Serious Violations

Serious or repeated violations may result in:

• Immediate service suspension
• Termination of service agreement
• Loss of access to managed systems
• Financial liability for damages or costs incurred
• Reporting to appropriate authorities

5.3 Criminal Activity

Any illegal activity discovered will be:

• Immediately reported to law enforcement
• Documented with all available evidence
• Subject to full cooperation with investigations
• Grounds for immediate service termination

5.4 Appeals Process

If you believe an enforcement action was made in error:

• Contact us immediately at (603) 285-9680 x5050
• Provide detailed explanation and supporting evidence
• We will review within 2 business days
• Decision will be communicated in writing

6. Reporting Issues

6.1 Security Incidents

Report suspected security incidents immediately:

• Phone: (603) 285-9680 (24/7 for Critical Infrastructure and Maximum Protection clients)
• Direct Line: (603) 285-9680 x5050
• Include details: what happened, when, systems affected, potential impact

6.2 Policy Violations

To report suspected policy violations by other users:

• Contact your account manager or call (603) 285-9680 x5050
• Provide specific details and evidence if available
• Reports are handled confidentially
• No retaliation for good-faith reports

6.3 Technical Issues

For technical problems or questions:

• Call (603) 285-9680 for support
• Email support requests through your normal channel
• Provide system details and error messages when possible