Acceptable use of assets that process and information used needs to be documented. This needs to be communicated to affected employees to prevent misuse. This should include measures pertaining to defamation, harassment, impersonation, chain letters (especially ransomware) and unauthorised purchasing.