IT policies are a very important part of your business’ operations. They help set the standards for managing people – not just your tech. These IT policies affect everything from the culture of the company to legal actions against the company. No matter what size of business you have, these are a few key tech policies that you need to implement. So here’s our top 5 essential tech policies for IT security and Technology Management.
1: Bring Your Own Device (BYOD) Policy
This tech policy has become the dominant method of handling devices by companies. The latest 2022 stats show that 87% of businesses rely on employees having mobile access and 67% of employees use their own personal devices at work. Bring Your Own Device is exactly what it sounds like, an employee brings their own device (typically a smartphone) and uses it for work. Companies love this because it saves them money on devices (and the costs managing them as well). Employees love this because they get to use their device they are comfortable with. Plus they don’t need to lug around a second device everywhere they go.
It sounds great, but if there aren’t any policies guiding this usage it can create a load of issues from security to business management. For instance, is your employee’s phone under 3 years of age and supported with security updates from the manufacturer? Are your employees receiving calls on their phone number or one that you have assigned to them with a VOIP service like our Xennect Phone System? You should have these rules mapped out and defined, and utilize a management app to allow remote removal of business apps. You should also establish a compensation policy for the company use of a personal device. Here’s 5 ways to make your BYOD policy better and more secure.
2: Password Security Policy
Compromised credentials are by far the most common security vulnerability, making up 90% of data breaches. Your password policy clearly defines for your team what is required in handling their passwords for the safety of them and your data.
It should first and foremost state what password manager the company uses (and yes the company should use one to have control over all employee credentials – you can thank me after you retain full access of all passwords from an ex-employee, and they retain none). How do you construct your passwords – length, characters, numbers? Do you require Multi-Factor Authorization? (the correct answer here is yes)
3: Public Wi-Fi Use Policy
This is a big cyber security issue since public Wi-Fi is insecure. However, 61% of companies say their employees access public networks from business devices.
Do you allow business laptops to connect to public Wi-Fi? Do you provide secure connections such as VPNs to office/shared data? A good solution might be to allow employees to access the internet, but not transmit confidential information such as passwords (such as logging into email). Does everything in this tech policy play nice with your BYOD policy we already discussed?
4: Official Applications Policy
Employees constantly break this important tech policy. You must set which applications are approved to be used for your company. What typically happens is that employees just use whatever apps they can to get the job done. When tech is used, but not known or approved by the company, it is referred to as Shadow IT. I’ve talked about this before, where 51% of employees will continue to use apps specifically banned by their company. This gets tricky because if this is happening (and it is) that basically means that employee is trying to boost their productivity and efficiency. You don’t really want to reprimand that. Although, at the same time it creates a huge security risk for the company – about 49% of cyber attacks in 2020 were due to Shadow IT.
5: Social Media Policy
Do your employees use social media while at work? Do they use it for work? Only about 9% of workers use a social media tool provided by their company, but social media use at work is very common. Of the users in that same study, 71% of them say that social media is useful for staying in touch with others in their field. You need to custom tailor this tech policy for your business, since there is no one size fits all solution. You can start with defining and restricting when employees can access personal social media, who can officially post about the company, and if there are any off-limit zones for public images (that might show up in a selfie).
These are 5 important tech policies that your company should have. If you haven’t implemented any of these, go ahead and reach out for a consultation. We can help you address any IT policy deficiencies or security issues.