6 IT Policies to Help Protect Your Company
Many companies rely on IT to help run their businesses. For this reason, they often depend on a set of IT policies to ensure the productive, appropriate, and legal use of IT resources. IT policies establish expectations and regulations for behavior related to company computers and networks.
In addition, IT policies detail consequences for employees or customers in the event of a policy violation. The proper enforcement of IT policies may also provide a basis for defense in the event of a lawsuit.
Here are six common IT policies to help protect your company:
1. Acceptable Use Policy
An acceptable use policy, or AUP, restricts use of a company's network or services. AUPs prevent illegal activity, ensure security, and safeguard the reputation of the company.
AUPs also outline the consequences of breaking the rules. A common penalty is restricted or permanent loss of access to the associated network or service.
2. Privacy Policy
Privacy policies protect the personal information collected from a company's customers and employees. Personal information includes anything that can be used to identify an individual. Names, social security numbers, credit card numbers, email addresses, and even photos of individuals are considered personal information.
Privacy policies typically document how personal information is collected, stored, used, and disposed of. Privacy policies may also disclose when personal information is shared or sold to third parties.
3. Data Governance Policy
Data governance policies describe how data is managed as it passes through company systems. Specifically, these policies document how a company makes sure that data is accessible and secure, as well as accurately collected and properly maintained.
Data governance policies also identify the people responsible for the quality and security of company data. They might also mention any third parties that play a role in the company's data management plans.
4. Disaster Recovery Policy
A disaster recovery policy outlines the broad requirements of a company's disaster recovery plan. These policies identify critical data and responsible departments or staff. They also specify allowable downtime, as well as how to ensure business continuity in the event of downtime.
Disaster recovery plans are usually created by senior IT staff. However, the specifics of data recovery plans are normally left to those designing and executing the plan.
5. BYOD Policy
A BYOD policy, or Bring Your Own Device policy, is an IT policy that governs the use of personal mobile devices in the workplace. BYOD policies are becoming increasingly important, with study after study showing the dramatic shift of personal mobile devices into the workplace.
Specifically, BYOD policies state the degree to which personal mobile devices are allowed within the workplace, what can be done with these devices, and how the company will support them.
6. Social Media Policy
Social media policies govern employee use of social media both in and out of the workplace. These policies define how a company will manage and monitor the online behavior of its employees. They also set forth any company expectations regarding the nature and tone of information being posted.
As a result, social media policies are sometimes perceived as repressive. However, they can actually empower employees by letting them know what can and cannot be posted. Striking a balance between the needs of the company and employees is the key to a successful social media policy.
How Often Should Passwords Be Changed?
How old are your passwords? Almost half of the 2,000 U.S. and U.K. respondents in a TeleSign survey admitted they have not changed their passwords in five years. Even worse, more than 20 percent of them were using passwords that were more than 10 years old.
You likely will not get much argument that these passwords are too old. But how often should you and your employees change them? Surprisingly, this is not an easy question to answer.
For many years, security experts recommended changing passwords frequently, usually every 30 to 120 days. However, a Microsoft study questioned that conventional wisdom — wisdom that even Microsoft product documentation touted for years.
The Microsoft study found that frequent mandatory password changes cost billions of dollars in lost productivity with little security payoff in return. Frequent password changes are not as effective nowadays because hackers have machines that can crack weak passwords in seconds. Once they have a password, it is doubtful that they will wait even a week before exploiting it. Thus, changing passwords every 30 to 120 days does little to increase security.
Requiring strong passwords, in addition to mandating frequent password changes, can even weaken security, as some chief information officers point out. Employees are becoming frustrated with having to constantly create and remember strong passwords. A Janrain study revealed that 38 percent of the 2,208 adults surveyed would rather scrub toilets and tackle other household chores than try to come up with yet another password. As a result, they might resort to using variations of old passwords, re-using the same password for multiple accounts, or writing down passwords.
While it is not a good idea to require frequent password changes, you should not go to the other extreme and never require them. You need to find a happy medium. The Information Technology Laboratory at the National Institute of Standards and Technology recommends that you set different password expiration policies for the different types of systems and software in your business. That way, you can have employees change their passwords more often for high-security systems and software and less often for low-security systems and software.
You also need to make sure that employees understand how risky it is to re-use the same password for multiple accounts. Hackers know that re-using passwords is a common practice, so when they crack the password for one account, they will try using it to access other accounts. Similarly, they will try opening other accounts with variations of that password.
Creating and remembering a unique strong password for each account can be challenging for employees, even when they do not need to change their passwords very often. Using a password management tool can make this task much easier for employees. They can have the password manager automatically create strong passwords. The password manager will also store those passwords so that employees do not have to remember them. Besides having happy employees, you can take comfort in knowing that your company's accounts are protected with unique strong passwords. It is a win-win situation for everyone, except hackers.
What Surveys Say about Moving to the Cloud
Cloud computing has surged in popularity. The 2015 Cloud Security Spotlight Report clearly makes this point. More than 70 percent of the 1,010 participants reported that they use or plan to use a cloud computing solution. Yet, some organizations are still apprehensive about using the cloud.
Common Concerns
Organizations hesitant about cloud computing are often concerned about:
- Security. Security is by far the biggest concern preventing organizations from embracing the cloud. They are afraid that their data will not be as safe in the cloud as it is in their on-premises systems.
- Lack of control. Some companies are leery they will lose control of their data if they move it to the cloud.
- Compatibility. Organizations fear that their applications will not be compatible with cloud computing solutions.
- Just a fad. Some companies view the cloud as just another fad. They believe that if they were to start using the cloud, their IT systems would become obsolete as soon as the next technological marvel comes around.
Discovering What's Right for Your Business
Fears about the cloud often come from misinformation and a lack of knowledge. Learning about cloud computing can help ease your apprehension.
The 2015 Computerworld Forecast survey reported that over 40 percent of the IT executives surveyed predict they will increase their spending on software as a service (SaaS) and a mix of public, private, hybrid, and community clouds.
Searching the Internet about cloud security is not as helpful. For every article or blog you find saying it is safe, you will find another one saying it is not. Talking with IT experts is a better course of action. You can discuss the security issues that pertain to your data and applications to determine whether using the cloud is a good fit for your business. They can help you decide on the best type of cloud options for your company and show you the best ways to keep your data safe and in your control.
IT experts can also find out if any of your applications are incompatible with the cloud. If that is the case, they can help you find a suitable replacement.
6 Reasons to Use Remote Monitoring to Keep an Eye on Your Systems
Many IT service providers use remote monitoring tools to gather information and send reports about their clients' computer systems. Almost anything can be monitored, from routers and firewalls to virus detection and email services.
Here are six benefits of using remote monitoring to keep an eye on your systems:
1. Reduce the Chances of Downtime
In order to operate smoothly, your company needs its computers up and running. If they stop working, you could end up losing a lot of money.
Remote monitoring can reduce the chances of such an event. Your service provider can set alerts that trigger when a problem starts to develop but before it impacts system performance. This early notification means the issue can be resolved before it develops into a crisis.
2. Respond to Problems Instantly
An IT service provider's remote monitoring team can protect your computers around the clock. This 24/7 service means that providing a solution to your tech troubles doesn't have to wait until the morning.
3. Handle Problems Anywhere
Because of remote monitoring, it doesn't matter where you are, where your systems are, or where your people are. A remote monitoring team can contact you, find out how you want a situation handled, and then take care of it for you.
This means that you don't even need to leave the comfort of your own home in order to take care of a problem. This aspect of remote monitoring is especially appealing to companies with facilities in distant or rural locations.
4. Track System Health
Remote monitoring collects system statistics over time. When viewing this data in monthly or quarterly reports, long-term trends can be identified, even before they reach levels that would trigger an alert.
Using these reports, you can address potential problems as they develop and prevent them from ever impacting your computer system. Trend analysis can also identify needs for system expansion and help with technology budgeting.
5. Monitor and Support Every Device You Use
Remote monitoring is comprehensive. Every device can be monitored and supported remotely, whether it's a server, a desktop, or a mobile device.
Additionally, a remote monitoring service can provide for automatic updates. Configuration files and other changes can automatically be deployed without users needing to take any action.
6. Have Support Staff That Show Rather than Tell
If one of your employees ever has a computer problem, an IT expert can use remote control tools to take control of the employee's desktop while they are watching. Remote control is different from remote monitoring, although the two are closely related. When it comes to IT support, remote control tools let technicians teach your employees about the issue at hand and explain to them how to address it in the future.
The Bottom Line
Businesses today rely on their computers. They need their IT infrastructure up and running at all times. They need to know about problems before they happen, and they need support regardless of their locations. Remote monitoring provides a cost-effective way for companies to fulfill these needs.