IT Policies – do I need them?
The simple answer is yes.
However many SMEs feel that they don’t need them, as they’re too small a business to benefit from them. Or that they make things too formal. Or eve that they have to be long winded boring documents (they don’t!).
Not only do official policies cover your business for a legal perspective should a problem occur relating to your staff and your technology, but it is also helpful for your staff to know what’s expected from them.
Policies that are written down and more importantly shared, mean that everyone in the organisation knows where they stand and what is expected of them. Which actually your employees will thank you for also.
Technology is such a big part of any employee’s jobs now in any industry that not having rules around the use of it, just leaves your company vulnerable to problems.
A recent study has found that 77% of employees access their own social media accounts at work and on work devices. 19% of these average a full working hour per day on social media.
If you had a concern about your staff misusing technology, without a policy in place to refer to, it is very difficult to enforce different behaviour from them.
To give you a starting point, we’ve outlined the key IT policies we think every company should have, regardless of their size:
Social Media Policy
We have all been there, finding ourselves endlessly scrolling with no goal in mind and before you know far more time has passed than you had planned on your favourite channel (in fact they are designed to keep you on there for as long as possible). We recommend implementing a policy that covers the basics and protects your business from time lost on social media. Here’s what you should include:
- Restricting when employees can access personal social media
- Restricting what employees can post about the company
- Noting “safe selfie zones” or facility areas that are not okay for public images
If your staff have company owned devices, do you know where these devices are 24/7 and what networks they’re connecting to? Could it be around their friends house? At the local coffee shop? The survey reported that 61% of surveyed companies say employees connect to the public Wi-Fi from company owned devices.
When logged into a public Wi-Fi connection, staff might be checking in on their work email or communicating on a work app. This could expose your data and lead to a breach.
You should request staff to ensure they are only using safe connections on their work devices and also implement the use of a Virtual Private Network (VPN). If they do log onto a public Wi-Fi connection, you could restrict what they are allowed to do when using it.
Bring your own device (BYOD) Policy
The use of company paid devices is on the decline. If staff use their own devices for work, this is more convenient for them and a cost saving to the business. However without a policy in place, you are leaving your business vulnerable to security issues. A BYOD policy will provide clarity on the use of the personal device for business purposes and also outlines what security measures are required on the device to protect your businesses data.
Password Security Policy
It’s no secret that cloud data breaches are most commonly originated from password compromises. Password management is one of the key things we discuss with our clients as it is such a vulnerability in any organisation. When writing your password policy, make sure to include the following:
- Password required lengths
- What passwords should contain; symbols, numbers, letters etc
- Where and how to store them (and where not too!)
- How often passwords should be changed (on lots of systems, you can set an auto push for this)
- The use of Multi-factor authentication
This list of policies is a great way to get you started, but is in by no means of an exhaustive list. As with any policy, but especially one relating to technology, which changes at such a rapid rate, we recommend these are regularly reviewed and updated.
The most important thing you can do when you create these is to share them. Policies that exist but that aren’t ever looked at, are almost as bad as no policies at all.
If you’d like some further help on creating IT policies for your business, get in touch on 01392 796 779, we’d love to help.