Do you have a technology and internet usage policy in your employee handbook?
Have you thought about it, but aren’t sure what to add in there and why? Over the last three decades we’ve helped hundreds of companies’ technology usage and internet security protocols for their businesses. And over the years we have formulated both best practices and policies that can help your business out. Below are some policies that you should consider.
Stress the Importance of Network Security
In your company internet policies, you will really have to convey why cyber security is important and you can even list some of the potential risks. If information is stolen or the company’s systems are infected with malware, explain how this could affect the business.
Include a Password Management Policy
Set guidelines on password requirements, like using a combination of uppercase and lowercase letters as well as numbers. Make it clear how employees should store their passwords, (and not on a sticky-note on their desk). A strong password is always the best security.
Remote Employees Need a Remote Access Policy
When employees are accessing your networks from a remote connection, it should always be through a VPN and include a strong password. While connected to the company’s network, the employee needs to make sure they aren’t connected to another network at the same time. You should also make it mandatory for employees who are remoting-in to have the most up-to-date software. This should include antivirus and anti-malware programs on the device from which they are connecting. Devices that access our network should all follow the same protocals, whether they are company devices or not.
Educate Your Employees on How to Detect Phishing and Other Scams
Teach your staff about the different types of phishing emails and other scams they may receive and how to detect if something with the email isn’t right. If they believe that an email seems out of the ordinary, they should check with the sender before opening any attachments to that email. Properly educated your staff on the front end, could wind up saving your business thousands of dollars.
Let Employees Know about How Social Media Use Will be regulated
If your employee associates themselves on their social media, make sure that they are clear, their views are their own. This will prevent you from getting caught up or having repercussions from something an employees’ content might generate. Many companies have even included that dishonorable content on social media from an employee, (such as bigotry), will not be tolerated.
Employees should also not be posting anything on their social media related to your company that may be along the lines of financial, operational, or legal in nature. As well, any type of information about clients and customers should also be off-limits.
Shadow Software or Shadow IT is when an employee installs an unapproved program on their work computers. Software and applications installed on a company computer should only be done with authorization of management and your IT provider. Problems with Shadow IT can include viruses hidden in their zip-files. Shadow IT could also be incompatible with a business application causing it to malfunction. Further, installing programs which your company doesn’t own onto company computers can create liability if license violations occur.
Make sure that your employees know that their company email should only be used for business purposes. Personal communication needs to be either limited or completely prohibited. If you have a record retention schedule, make sure that your employees know what it is. You also have to make sure that they are abiding by the schedule when it comes to the retention of business emails.
Employees should only be using a Secure File System
If your employees send files outside of your organization to vendors or customers, it is important that they understand that sensitive information cannot simply be sent through an email. Confidential data, like social security numbers or credit card information should always be encrypted. They need to always send encrypted files through a secure file system.
Computers and Devices Should Always be Locked When Not in Use
Make sure that your employees know to either lock their computers or log out every time they step away from their desk. They should also keep their laptops locked when not in use. This helps prevent unauthorized access to your systems.
How to Report Security Issues
If an employee does encounter a security issue, such as a lost device or a data breach, they need to report it to management and your IT provider immediately. Threats should be eliminated quickly when they have been identified.
IT usage policies are necessary and sometimes required for industry regulations. An IT usage policy ensures that every employee or company representative is using your network in a way that will keep your data protected, keep your systems protected, and keep you focusing on your daily operations.
For more information on IT usage policies or to inquire about a cybersecurity assessment, contact us today.