Manage Your IT Policies Well
Small businesses often make the mistake of skipping written policies. Owners frequently feel that things don’t need to be so formal as to have a policy book. They’ll usually just tell staff what’s expected when it comes up and believe that’s good enough. Everyone remembers, right?
Over time, this way of thinking causes multiple issues for small and mid-sized business owners. Employees can’t read minds. Procedures and standards that owners think would be obvious frequently aren’t to employees without the whole picture.
Failing to have written policies in an accessible place can also leave business owners in poor legal standing when a problem occurs. For example, when a lawsuit gets prosecuted due to misuse of a company device or email account.
Studies show that 77% of employees access their social media accounts while at the office. Furthermore, 19% of them average 1 full working hour a day spent on their personal social media. In many cases, of course, employees are ignoring a company policy that they’re aware of. However, many times there is no specific policy for them to follow.
IT policies should be priorities in you IT security and technology management. So, regardless of what the current size of your business, you should have those policies in place. We’ll get you going with a few of the most important IT policies your company should have already written and broadcast.
Do You Have These IT Policies? (If Not, Why?)
Password Security Policy
Compromised passwords account for about 77% of all cloud data breaches. Stolen credentials are also now the leading cause of data breaches around the globe.
A password security policy will explain to your team how to handle their logins and passwords. This written policy should include things like:
- How long passwords should be
- How to construct effective passwords (e.g., using at least one number and symbol)
- Where and how to store passwords, such as what password manager is preferred
- The use of multi-factor authentication
- How frequently to change passwords
Acceptable Use Policy (AUP)
The Acceptable Use Policy offers an overarching policy for using work devices. Good written policies include how to properly use and store technology and data within your organization. AUPs govern things like device security. For example, employees often need to keep devices updated. If this is the case in your company, include that in this policy.
Another thing to include in your AUP would be how to use company devices. You should probably also restrict remote employees from sharing work devices with family members or friends.
Data is another area frequently covered by the AUP. This section should dictate storage and handling protocols for data. A well written AUP should require an encrypted environment for security.
Cloud & App Use Policy
The use of unauthorized cloud applications by employees has become a big problem. It’s estimated that the use of this “shadow IT” ranges from 30% to 60% of a company’s cloud use.
Often, employees use cloud apps on their own because they don’t know any better. They don’t realize that using unapproved cloud tools for company data is a major security risk.
A cloud and app use policy will tell employees what cloud and mobile apps are okay to use for business data. It should restrict the use of unapproved applications. It should also provide a way to suggest apps that would enhance productivity.
Bring Your Own Device (BYOD) Policy
Approximately 83% of businesses use a BYOD approach regarding employee mobile use. Permitting employees to use their own smartphones to work saves companies lots of money. Doing is often more convenient for employees because they don’t need to carry around or keep track of a second device. However, if you don’t have a policy that dictates the proper use of BYOD, there can be multiple security and other issues. Employee devices become vulnerable to attack if the operating system isn’t updated on a regular basis. Confusion also arises about compensation for the use of personal devices at work.
Good BYOD policy clarifies the use of employee devices for business and keeps everyone on the same page. Any well written policy will include concrete requirements about the security of those devices. It may also demand the required installation of an endpoint management app. The BYOD policy should also cover compensation for business use of personal devices.
Wi-Fi Use Policy
Public Wi-Fi networks create a serious issue when it comes to cybersecurity. 61% of surveyed companies say employees regularly connect to public Wi-Fi from company-owned devices.
Many employees won’t even stop to think about logging in to a company app or email account, even when on a public internet connection. Doing so without an active VPN could easily expose those credentials and lead to a breach of your company network.
Your Wi-Fi use policy will explain how employees are to ensure they have safe connections. It may dictate the use of a company VPN. Your policy may also restrict the activities employees can do when on public Wi-Fi. Such as not entering passwords or payment card details into a form.
Social Media Use Policy
Social media use at work is so incredibly common, company policy must address it. Otherwise, endless scrolling, responding, and posting will steal hours of paid time every week.
Include details in your social media policy, such as:
- Restricting when employees can access personal social media
- Restricting what employees can post about the company
- Mapping out “safe selfie zones” or facility areas that are not okay for public images
Why Is This Published By A Business Phone Company?
Here at NoContractVoIP, we believe that your success is our success. To get the latest helpful content delivered to your inbox every month, subscribe to our newsletter here.
Looking for the finest stress-free custom business telephone systems? Contact us or call today at 866-550-0005!