What is an IT policy?
You probably already know – a document or collection of documents that set out best practice for staff regarding cyber security, online access, emails, etc.
The aim is to stay safer by educating staff. By having an IT policy, staff should be aware of preventable issues and be able to respond quickly if something is amiss.
How important is it?
We need to do more to protect company data, according to the experts: http://www.cambridge-news.co.uk/Cambridge-companies-beware-cyber-attacks/story-28609175-detail/story.html
According to Cambridgeshire Police, one local medium-sized business went bust due to the extent of a cyber crime, and many companies are victims on a smaller scale (see more in this post).
What should be in an IT policy?
Below are some things to think about:
Movable storage
What is the policy on storage such as USBs? Can staff bring in personal USBs and use them on a work computer?
Procurement
Who are you buying hardware, software and services from, and where?
Passwords
Are colleagues allowed to share passwords? Are all desktops and laptops password protected?
Network and remote access
Can you log on to the network externally?
Office access
Who can access your office? Employees, cleaners, visitors?
User privileges
Who has access to what?
Email links and attachments
Think about a policy on clicking links, or file extensions to be aware of. For example, receiving a .exe file from an unexpected source should be a red flag.
Backups
Do you keep backups and who is responsible for them?
Locking devices
Are laptops or towers/monitors left logged in and unattended?
Two-step authentication
When I hear two-step authentication I think of banks or Googlemail logins, where you have a password and a text, or password and security key.
It is also something else just as useful – literally getting a second authorisation before committing to a payment. A common way of scamming money relies on administrative staff not getting a second authorisation after receiving an email from the boss. This is called CEO spoofing (see more on CEO spoofing in a previous blog post).
Action!
The policy should also include what to do in the event of a security breach (see a previous article for advice on this).
Author:
Eastpoint Software (http://www.eastpoint.co.uk/)