Have you thought about it, but aren’t sure what to add in there and why? Over the last three decades we’ve helped hundreds of companies’ technology usage and internet security protocols for their businesses. Below are some policies that you should consider.
In your company internet policies, you will really have to convey why cyber security is important and you can even list some of the potential risks. If information is stolen or the company’s systems are infected with malware, explain how this could affect the business.
Set guidelines on password requirements, like using a combination of uppercase and lowercase letters as well as numbers. Make it clear how employees should store their passwords, (and not on a sticky-note on their desk).
When employees are accessing your networks from a remote connection, it should always be through a VPN and include a strong password. While connected to the company’s network, the employee needs to make sure they aren’t connected to another network at the same time. You should also make it mandatory for employees who are remoting in to have the most up-to-date software. This should include antivirus and anti-malware programs on the device from which they are connecting.
Teach your staff about the different types of phishing emails and other scams they may receive and how to detect if something with the email isn’t right. If they believe that an email seems out of the ordinary, they should check with the sender before opening any attachments to that email.
If your employee associates themselves on their social media, make sure that they are clear, their views are their own. This will prevent you from getting caught up or having repercussions from something an employees’ content might generate. Many companies have even included that dishonorable content on social media from an employee, (such as bigotry), will not be tolerated.
Employees should also not be posting anything on their social media related to your company that may be along the lines of financial, operational, or legal in nature. As well, information about clients and customers should be off-limits.
Shadow Software or Shadow IT is when an employee installs an unapproved program on their work computers. Software and applications installed on a company computer should only be done with authorization of management and your IT provider. Problems with Shadow IT can include viruses hidden in their zip-files. Shadow IT could also be incompatible with a business application causing it to malfunction. Further, installing programs which your company doesn’t own onto company computers can create liability if license violations occur.
Make sure that your employees know that their company email should only be used for business purposes. Personal communication needs to be either limited or completely prohibited. If you have a record retention schedule, make sure that your employees know what it is. You also have to make sure that they are abiding by the schedule when it comes to the retention of business emails.
If your employees send files outside of your organization to vendors or customers, it is important that they understand that sensitive information cannot simply be sent through an email. Confidential data, like social security numbers or credit card information should always be encrypted. They need to always send encrypted files through a secure file system.
Make sure that your employees know to either lock their computers or log out every time they step away from their desk. They should also keep their laptops locked when not in use. This helps prevent unauthorized access to your systems.
If an employee does encounter a security issue, such as a lost device or a data breach, they need to report it to management and your IT provider immediately. Threats should be eliminated quickly when they have been identified.
IT usage policies are necessary and sometimes required for industry regulations. An IT usage policy ensures that every employee or company representative is using your network in a way that will keep your data protected, keep your systems protected, and keep you focusing on your daily operations.
For more information on IT usage policies or to inquire about a cybersecurity assessment, contact us today.