As generational shifts continue to happen in business, and technology transforms the workplace more and more, it’s important to make sure your employees understand the risks that your business faces, as well as their role in mitigating those risks. To make sure you create an environment to support your new employees, but also protect your business, you’ll need to implement new technology policies. To help you get started, here are four tech policies you should put in place today — before you become the next Yahoo or Target!
Not many small businesses have a cybersecurity plan in place, but you really should. It’s probably the most important on this list! There are major data breaches almost every day, and implementing the most basic cybersecurity policies could avoid many of them.
Make sure that your cybersecurity plan includes:
- Email Filtering: Using a good spam filter will help cut down on potential phishing attacks and other scams. More advanced systems that scan email links in real time as employees click them add another valuable layer of protection.
- Employee Awareness: Employee training is ideal, but at the very least, you should send all employees documentation about phishing and other common online scams and how to identify them. The takeaway should be, “When in doubt, assume it’s a scam!”
- Enterprise-class Antivirus Software: Part of your IT’s endpoint management should include antivirus software on all company devices that is updated consistently and performs regular virus scans.
- Vulnerability Testing: Regular vulnerability assessments should be conducted bi-annually at a minimum (preferably monthly or quarterly); it’s even better to hire an outside firm to do at least a yearly assessment, to see how someone unfamiliar with your company’s network can learn to penetrate it.
Bring Your Own Device (BYOD)
How many times have we heard about a lost or stolen corporate laptop leading to a data breach? Today, consumers own an average of 3.64 connected devices — from smartphones to tablets, to fitness trackers to e-readers. With this profusion of devices comes the fact that employees are going to bring their own devices to work, as well as use them for work purposes outside the office. Preventing these devices from entering the workplace will be an impossible battle, so you’ll need to address this head on. The risks this imposes on a company are higher than ever, and that’s why it’s essential to have a policy in place to explain what your employees are and aren’t allowed to do on their personal devices.
BYOD plan essentials include:
- Required Security Settings: If your employees will use personal devices for work purposes, it is essential that they have some kind of lock screen on the device (PIN, password, pattern trace, biometrics, etc.).
- Remote Storage Wiping: If employees will be storing sensitive information on their devices, your IT needs to be able to remotely wipe the device if it is lost or stolen.
- Wireless Network Restrictions: Personal devices should only be connected to a separate corporate Wi-Fi network that restricts the bandwidth each device can use and allows no access to internal documents.
- Tech Support: To what extent will your IT team work with employees having technical difficulties with their devices? Obviously, they shouldn’t replace the manufacturer’s support for every single issue, but clarify what types of issues with work-related apps your support team will assist with.
- Acceptable Use: What type of usage is acceptable while the device is connected to your network? Obviously, illegal activities should be forbidden, but what about social media or other personal uses?
- Visibility: Perhaps most importantly, ensure that you have visibility into all of these devices while they are on your network so you can monitor and enforce these rules.
Almost everyone has multiple social media accounts today, and your organization needs a policy to monitor your employees’ posts relating to your business, as well as employees who are authorized to share content on your business’ behalf. The internet is rife with tales of social media gaffes and personal blunders on corporate accounts, so it’s crucial to have a plan in place to prevent this from happening to you — as well as damage control procedures, just in case!
Your social media policy should include:
- Grievances: Require (or strongly recommend) that employees bring issues to management before posting them online.
- Company Accounts: Who is in charge of your social media presence? Who else has access to the accounts? What are they allowed to post? Who needs to approve content before it’s shared?
- Clean-up: What measures are in place to correct a situation where an employee accidentally posts personal info or other inappropriate material on your social media accounts?
- Personal Conduct: Your policy should explain to employees that social posts are public, and if an employee posts inappropriate things that reflect badly on the business, discipline may be in order.
- Monitoring: Companies should have social monitoring tools to minimize the impact of any employee misuse of social media.
There’s no question that an explosion of cloud-based apps exists today, and that end users are flocking to new apps to increase productivity and convenience. In fact, it’s inevitable that your employees will use them, with or without you knowing.
We are no longer in a position to deny or ignore these employee work habits. With technology changing rapidly and new generations being brought up in that rapidly changing environment, it’s time for businesses to embrace this shift rather than ignore it. To combat this shadow IT, you need to have policies in place to protect yourself while still allowing for advancement and new uses of technology.
With that in mind, your cloud app policy should contain measures for:
- Sensitive Information: At a bare minimum, you need to make sure employees are not sharing sensitive information on an app that hasn’t been vetted.
- Approvals: Implement a process or channel that employees can go through to get an app vetted and approved by your IT group.
- Passwords: Make it clear in your policy that employees should not use their corporate passwords for cloud app accounts. Furthermore, each app should have a unique password at a bare minimum. Employees who are using the same password for all online tools are only as safe as the weakest link. If one online app is insecure, a hacker will easily gain access to all of your accounts with the same password.
There are numerous policies businesses can put in place that allow the new generations to explore and use new technologies while also helping protect the business. The four above will get you started down the path, but make sure you continue to look for additional ones that may be a good fit for your business. Also, make sure to allow your employees the flexibility to try new things; just make your first priority protecting your data and your business. Lastly, just because you have a policy doesn’t mean everyone understands and adheres to it. You’ll need to provide the necessary training, support and monitoring to ensure everyone is staying within your acceptable use guidelines.