Generational shifts continue to happen in business. Technology transforms the workplace more and more. It’s never been more important to make sure your employees understand the risks that your business faces and their role in mitigating those risks. You’ll need to implement new technology policies that protect your employees and your business. To help you get started, here are four technology policies you should put in place today — before you become the next Yahoo or Target!
Not many small businesses have a cybersecurity plan in place, but they should! It’s probably the most important on this technology policies list. There are major data breaches almost every day, and implementing the most basic cybersecurity policies could avoid many of them.
Make sure that your cybersecurity plan includes:
- Email Filtering: Using a spam filter will help cut down on potential phishing attacks and other scams. Well-advanced systems that scan email links real-time as employees click them add another valuable layer of protection.
- Employee Awareness: Employee training is ideal. At the very least, you should send all employees documentation about identifying phishing and online scans.
- Enterprise-class Antivirus Software: Part of your IT’s endpoint management should include antivirus software on all company devices. Make sure the software is updated consistently and performs regular virus scans.
- Vulnerability Testing: Regular vulnerability assessments should be conducted bi-annually at a minimum. Even better would be to find an outside firm to do a yearly assessment. This can help determine how someone unfamiliar with your company’s network can learn to penetrate it.
Bring Your Own Device (BYOD)
How many times have we heard about a lost or stolen corporate laptop leading to a data breach? Today, consumers own an average of 3.64 connected devices. With this profusion of devices comes the fact that employees are going to bring their own devices to work and use them for work purposes outside the office. Preventing these devices from entering the workplace will be an impossible battle, so you’ll need to address this head on. The risks this imposes on a company are higher than ever. That’s why it’s essential to have technology policies in place explaining what you allow.
BYOD plan essentials include:
- Required Security Settings: Do your employees use personal devices for work purposes? It is essential that they have some kind of lock screen on the device (PIN, password, pattern trace, biometrics, etc.).
- Remote Storage Wiping: Are employees storing sensitive information on their devices? Your IT needs to be able to remotely wipe the device if it is lost or stolen.
- Wireless Network Restrictions: Personal devices should only be connected to a separate corporate Wi-Fi network. This network should restrict the bandwidth each device can use and allows no access to internal documents.
- Tech Support: To what extent will your IT team work with employees having technical difficulties with their devices? Obviously, they shouldn’t replace the manufacturer’s support for every single issue. Clarify what types of issues with work-related apps your support will assist.
- Acceptable Use: What type of usage is acceptable while the device connects to your network? Obviously, illegal activities are forbidden. What about social media or other personal uses?
- Visibility: Perhaps most importantly, ensure that you have visibility into all of these devices while they are on your network so you can monitor and enforce these rules.
Almost everyone has multiple social media accounts today. Your organization needs technology policies to monitor your employees’ posts relating to your business. You also should monitor posts by employees who are authorized to share content on your business’ behalf. The internet is rife with tales of social media gaffes and personal blunders on corporate accounts, so it’s crucial to have a plan in place to prevent this from happening to you — as well as damage control procedures, just in case!
Your social media policy should include:
- Grievances: Require (or strongly recommend) that employees bring issues to management before posting them online.
- Company Accounts: Who is in charge of your social media presence? Who else has access to the accounts? What will you allow them to post? Who needs to approve content before sharing it?
- Clean-up: What measures are in place to correct a situation where an employee accidentally posts personal info? What about other inappropriate material on your social media accounts?
- Personal Conduct: Your policy should explain to employees that social posts are public. If an employee posts inappropriate things that reflect badly on the business, discipline may be in order.
- Monitoring: Companies should have social monitoring tools to minimize the impact of any employee misuse of social media.
There’s no question that an explosion of cloud-based apps exists today. End users are flocking to new apps to increase productivity and convenience. In fact, it’s inevitable that your employees will use them, with or without you knowing.
We are no longer in a position to deny or ignore these employee work habits. Businesses must embrace that the changing environment and new generations. To combat this shadow IT, you need to have technology policies in place to protect yourself while still allowing for advancement and new uses of technology.
With that in mind, your cloud app policy should contain measures for:
- Sensitive Information: You need to make sure employees are not sharing sensitive information on an app that hasn’t been vetted.
- Approvals: Implement a process or channel that employees can go through to get an app vetted and approved by your IT group.
- Passwords: Make it clear in your policy that employees should not use their corporate passwords for cloud app accounts. Furthermore, each app should have a unique password at a bare minimum. Employees who are using the same password for all online tools are only as safe as the weakest link. If one online app is insecure, a hacker will easily gain access to all of your accounts with the same password.
There are numerous policies businesses can put in place to allow the new generations to explore new technologies. These policies will also play an important role in helping to protect the business. The four above will begin you down the path. Make sure you continue to look for additional ones that may be a good fit for your business. Also, make sure to allow your employees the flexibility to try new things — just make your first priority protecting your data and your business. Lastly, just because you have a policy, doesn’t mean everyone understands and adheres to it. You’ll need to provide the necessary training, support and monitoring for your technology policies to ensure everyone is staying within your acceptable use guidelines.