Skipping over policies is a common mistake made by many practices. Part of this stems from the feeling that things do not need to be “formal” and that telling staff your expectations once is good enough.
This mindset can lead to frustration and a whole array of issues, as employees are often left to be mind-readers. Remember, what you may think is obvious may not be that obvious to others. Don’t leave it to chance.
And don’t take the chance. Another ramification of not having policies is being in poor legal standing should a problem arise. Data breaches leading to misuse of personal data and information will put your practice under the microscope, and should this occur, you want to make sure you had the proper policies in place to meet compliance and regulatory standards.
What about productivity? Did you know that 77% of employees log in to social platforms at work, with 19% of them averaging 1 full working hour a day spent on social media?
Sure, employees can ignore policies. However, they certainly won’t comply if there is no policy in place to begin with.
Your practice’s security, efficiency and technology management pivot on policies. This is why no matter how big your business, policies are foundational.
So what important IT policies should you have in place?
Do You Have These IT Policies? (If Not, You Should)
Password Security Policy
About 77% of all cloud data breaches originate from compromised passwords. Globally, compromised credentials are now the number one cause of data breaches. See the importance here?
A policy that outlines password security procedures will provide your team with a process to handle login credentials, including things like:
- Password length
- Password make-up (e.g., using at least one number and symbol)
- How and where to store them
- Using MFA (multi-factor authentication)
- Password change frequency
Acceptable Use Policy (AUP)
This is an overarching policy. It lays out the framework for how to properly use technology and data inside your practice, governing areas such as device security. Need your employees to make sure their devices are always up to date? Include this!
The AUP can also include things like the acceptable use of company devices – where they can be used and who they can be shared with (especially in the case of remote workers).
When it comes to data, the AUP should also include procedures for proper handling and storage. Perhaps an encrypted environment is required?
Cloud & App Use Policy
A major problem that has reared its head within businesses is the use of unauthorized cloud applications by employees. We call this “shadow IT”, and it is estimated to account for 30% to 60% of a company’s cloud use.
Oftentimes it is an innocent act – employees use cloud apps without realizing the implications. They don’t realize that unauthorized cloud tools are a major risk to company data.
This is why a cloud and app use policy should be implemented. It will teach employees what apps and tools are ok to use and restrict the use of those that are not. It can also help suggest apps and tools that can be used to boost productivity.
Bring Your Own Device (BYOD) Policy
The BYOD approach to mobile usage is implemented by approximately 83% of companies. When employees use their own smartphones for work, it saves money. It is also convenient, as employees are not required to carry a second device.
However, without a proper BYOD policy in place that outlines the proper usage of devices, issues arise. Outdated operating systems and unsecured devices leave employee devices vulnerable to attacks, increasing security risks. Unclear expectations can also lead to confusion regarding compensation for using personal devices.
A BYOD policy will help clarify all of this, allowing you to implement the proper BYOD procedures to help ensure your practice remains secure and protected.
Wi-Fi Use Policy
Public Wi-Fi is always an issue when it comes to cybersecurity. 61% of surveyed companies say employees connect to public Wi-Fi from company-owned devices.
Connecting to public Wi-Fi has become second nature, so most employees won’t think twice about using it for business purposes. Sadly, this can lead to exposed credentials and eventually a breach of your business network.
You can use a Wi-Fi policy to explain how to use safe connections and restrict activities that can be done over public connections (i.e., entering password and payment details).
Social Media Use Policy
Social media use at work is a common practice that needs to be addressed. Not only does it steal hours of productivity from your practice each week, it can also pose a risk to the safety of your network.
So what can be done here? Implement a social media policy that includes details such as:
- Restricting social media access by employees
- Restricting what employees can post about the company
- Setting “safe zones” where images can be taken for sharing on social media
Get Help Improving Your IT Policy Documentation & Security
IT policy deficiencies and the security issues that follow can be easily fixed. Reach out to find out how.