Previous post
Posted on: 8 November 2022
Author: Holly Rogers
Small businesses tend to think implementing IT policies into their business is not relevant due to their size and resources they have available – this is a big mistake. They may think having such formal procedures in place is unnecessary, but you cannot expect employees to act in a particular way if the policies you would like them to adhere to haven’t been made clear.
As well as employees not behaving as you would like them to, failing to implement these IT policies can result in various legal issues – especially when problems begin to occur. There may be misuse of a device or account which has the potential to result in legal implications.
IT policies are crucial in both your technology management and IT security, and it is essential that you have them in place – no matter how big or small your business is. This blog outlines some of the most important IT policies that your business in Suffolk should have in place to stay protected.
Compromised passwords and credentials are the reason for majority of cloud data breaches. Someone gaining access to your sensitive information can be detrimental for your business and cost you your valuable time and money.
It’s simple to adopt a password security policy, all you need to do is create a list which includes the features that must be included in all new passwords. You should ensure that everyone fully understands this and has access to the list. Features that are typically included in this type of policy are:
– Length of password
– Any numbers and symbols necessary
– Where your password should be stored – e.g password manager
– How to store your password
– Using multi-factor authentication (MFA)
– How regularly you should be changing these passwords
The acceptable use policy details how data and technology should be used correctly within your organisation. It outlines a range of details which are all in alignment with the security of your IT network that help protect your data. An example of something in this policy could be ensuring employees regularly update their devices.
Another essential thing to be included in this policy is detailing where employees are allowed to use their company devices. For example, if employees are remote working, it is a good idea to emphasise that these devices are for individual and work purposes only and they should not be shared with family members.
Employees using unauthorised cloud applications has become a big problem more recently and this is referred to as “Shadow IT”. Shadow IT is the use of information technology systems, devices, software, applications, and services without explicit approval from the IT department. There is an increasing percentage to show just how much Shadow IT can take up of a company’s cloud use.
However, employees should not be entirely blamed – how are they supposed to know that them using these unapproved cloud tools for company data is a major security risk if they haven’t been informed within a policy?
With a clear cloud and app use policy, employees will have a clear understanding of what applications they can and can’t use for business data. Unapproved applications should be obviously restricted, to make all employees aware that they should not use them.
A large number of companies in Suffolk tend to opt for a BOYD approach for mobile phone use amongst employees. BYOD is where employees bring their own mobile phones to work, and this provides an opportunity for companies to save money. It is also considerably easier, as employees have only one device as opposed to having to worry about having multiple phones.
Although if you have not outlined a policy regarding the use of this, there is potential for there to be various security issues. There can be legal confusion when dealing with personal devices and compensation, if they were to become damaged for any reason. Also, it should be considered, with employees’ own devices, companies don’t know what the operating system of these devices is like and if it has undergone any updates. An operating system that is not updated regularly in line with the software updates is likely to be vulnerable to cyber-attacks.
Having a policy that all employees are aware of will make it clear exactly what devices employees should be using and how they can keep safe as a result.
It is a known fact that Public Wi-Fi can cause cybersecurity issues – it is a hubspot for hackers who will purposely sit and wait to hack user’s login credentials. A larger number of employees than you would think have previously connected to a public Wi-Fi from a device that is company-owned.
The issue that this proposes is that a lot of employees wouldn’t think there was anything wrong with logging into a company app or email account on an external network. You should be aware that actions such as this, can lead to the hacking of credentials or result in a breach in the company network.
Having a Wi-Fi policy is particularly necessary as it will make sure your employees are connected safely to the internet. To ensure your business credentials are protected, you should also include in the policy what employees can do when they are on public Wi-Fi, with details regarding passwords and card details.
The use of social media at work is becoming increasingly common, more and more of us are now actually using it as a part of our day-to-day role. The odd glance at a social media feed here and there can result in hours of endless scrolling throughout the week, which can negatively impact the productivity of whole the team.
This can all be avoided by implementing a simple social media policy. This policy can include a range of details, including when employees can use their personal accounts and what they can post on these accounts about the workplace.
Are you need of some support with your IT Policy documentation or feel you could benefit from our IT consultancy services to help better your business processes. If you need some additional support in protecting your businesses cyber security, feel free to get in touch. Either give us a call on 01473 241515 or email us on info@corbel.co.uk.
Ipswich based Corbel Solutions Ltd offer a range of IT consultancy services, Office 365 support and Cyber Security to businesses across Ipswich, Felixstowe, Hadleigh and the surrounding Suffolk area. Ensuring your employees are fully educated and aware of your IT policies is essential in protecting any sensitive information from being exposed to potential breaches.
Previous post
Next post