Technology can make your company more productive and profitable or be the cause of costly IT failure and data breaches. To prevent the latter, small business owners in St. Paul and Minneapolis frequently ask us about stopping hackers or other external attacks, but that is only half the battle.
Internal threats can do similar damage and require the same amount of attention.
IT policies can protect your organization, creating the secure environment you need to remain productive and successful.
‘Internal threat’ may conjure images of disgruntled employees deliberately trying to damage the company but careless employees can cause just as much harm to your organization.
For instance, if Peter in HR downloads music files and opens emails from unknown senders, you’d call his behavior careless, but not malicious. Unfortunately, his actions could result in viruses infecting your network or stolen passwords.
Haystax found in a recent study that negligent employees like Peter are some internal security threats businesses face It found that 90 percent of respondents were concerned about an insider attack and over half (56 percent) believed regular employees present the biggest threat.
When asked to identify internal vulnerabilities, the top areas of concern were phishing attempts and poor password security.
Creating technology policies is a proactive step small business owners can take now to prevent the worst case scenario, instead of waiting for an IT disaster to happen.
The guidelines standardize how employees use technology and give you recourse if you find nonbusiness related software or data, like pictures, music or video, and can determine if action needs to be taken.
In more extreme cases, they can provide legal protection as well. In court, you’ll be able to show that an employee knowingly violated your acceptable use policy.
Plus, creating the guidelines helps you think through the long-term goals for your business. You’ll be thinking of what you want to do, the tools you need, and outlining how employees will use technology to achieve your goals.
How you create an IT policy will depend on your goals and operations. The following are a good baseline for what small business owners need to consider and can be customized to fit your needs.
- Acceptable Use of Technology: Policies that establish how employees can use computers, phones, email, internet, voicemail, fax machines, etc. This will set consequences for misuse of equipment.
- Security and acceptable use policies: Establishes requirements for passwords, levels of access to the network, virus protection, confidentiality, and the usage of data.
- Business Continuity and Disaster Recovery: Outlines how data will be recovered in the event of a disaster and what data backup methods are in place. For more information, check out this Disaster Recovery Tool Kit.
- Technology Standards: Determines the types of software, hardware, and systems that will be purchased and used at the company, including those that are prohibited (for example, instant messenger or mp3 music download software).
- Network Set up and Documentation: Guidelines regarding how the network is configured, how to add and remove employees to the network, permission levels for employees, and licensing of software.
- IT Services: Details how technology needs and problems will be addressed, who in the organization is responsible for employee technical support, maintenance, installation, and long-term technology planning.
If you have questions about how to establish policies that match your business plans, you can contact us at (952) 258-8200 or online. We can also work with you to flag software that is already on employee computers that do not meet your standards.