Six crucial IT policies all companies should implement

Many small businesses make the mistake of brushing over IT policies or skipping them altogether. They just tell staff what’s expected when it comes up and believe that’s good enough.

But this way of thinking can cause some serious issues for business owners. Employees aren’t mind readers, and cyber dangers that you think are obvious might not occur to them until it’s too late.

Not having policies can leave you deep in a legal hole if any problems occur, such as a lawsuit due to misuse of a company device or email account.

Still not convinced? Here are a couple of stats for you.

Around 77% of employees access their social media accounts while at work. Approximately 19% of them average one full working hour a day on social media. Sometimes, employees ignore company policy or aren’t aware of it. But in many cases, they have no specific policy to follow.

IT policies are an essential part of your IT security and technology management. We’ll get you started with some of the most important ones your company should have. Please contact the Synergy team if you’d like to know more.

IT Policies you should have in place

Password Security Policy

About three-quarters of all cloud data breaches originate from compromised passwords, now the number one cause of global data breaches.

A password security policy will show your team how to handle their login passwords. It should include things like:

• How long passwords should be
• How to construct passwords (e.g., using at least one number and symbol)
• Where and how to store passwords
• The use of multi-factor authentication (if it’s required)
• How often to change passwords

Acceptable Use Policy (AUP)

The Acceptable Use Policy is an overarching policy which includes how to use technology and data in your organisation correctly. This policy will govern things like device security. For example, you may need employees to keep devices updated, which should be noted in the policy.

Another thing to include in your AUP would be where it’s acceptable to use company devices. You may also restrict remote employees from sharing work devices with family members.

The AUP should also dictate how to store and handle data; the policy might require an encrypted environment for security.

Cloud & App Use Policy

The use of unauthorised cloud applications by employees has become a big problem. It’s estimated that the use of “shadow IT” ranges from 30% to 60% of a company’s cloud use.

Often, employees use cloud apps on their own because they don’t know any better. They don’t realise that using unapproved cloud tools for company data is a significant security risk.

A cloud and app use policy will tell employees what cloud and mobile apps are okay to use for business data. It should restrict unapproved applications and suggest apps that enhance productivity.

Bring Your Own Device (BYOD) Policy

Approximately 83% of companies use a BYOD approach for employee mobile use. Allowing employees to use their smartphones for work can save money. It can also be more convenient for employees because they don’t need to carry a second device.

But if you don’t have a policy that dictates the use of BYOD, there can be security and other issues. Employee devices may be vulnerable to attack if the operating system isn’t updated. There can also be confusion about compensation for using personal devices at work.

The BYOD policy clarifies the use of employee devices for business. Including the required security of those devices. It may also note the required installation of an endpoint management app and compensation for business use of personal devices.

Wi-Fi Use Policy

Many employees won’t think twice about logging in to a company app or email account from public Wi-Fi. This could expose those credentials and lead to a breach of your company network.

Your Wi-Fi use policy will explain how employees need to ensure they have safe connections. It may dictate the use of a company VPN. Your policy may also restrict employees’ activities when on public Wi-Fi, such as not entering passwords or payment card details into a form.

Social Media Use Policy

With social media use at work so common, it’s essential to address and get some guidelines in place. Otherwise, endless scrolling and posting could steal hours of productivity every week.

Include details in your social media policy, such as:

• Restricting when employees can access personal social media
• Detailing what employees can and can’t post about the company
• Noting “safe selfie zones” or facility areas that are not okay for public images

Get Help Improving Your IT Policy Documentation and Security

We hope you found this overview of essential IT policies helpful. Synergy IT’s team can help your organisation address IT policy deficiencies and security issues, so please reach out today to schedule a consultation.