Not all businesses have a formal IT policy, and it's something worth doing. The information shared here came from the cyber crime conference I attended last week in Cambridge, held by the county's PCC. A broader overview of cyber crime in Cambridgeshire can be found in the previous blog post.
What is an IT policy?
You probably already know – a document or collection of documents that set out best practice for staff regarding cyber security, online access, emails, etc.
The aim to to stay safer by educating staff. By having an IT policy, staff should be aware of preventable issues and be able to respond quickly if something is amiss.
How important is it?
We need to do more to protect company data, according to the experts: http://www.cambridge-news.co.uk/Cambridge-companies-beware-cyber-attacks/story-28609175-detail/story.html
According to Cambridgeshire Police, one local medium-sized business went bust due to the extent of a cyber crime, and many companies are victims on a smaller scale (see more in this post).
What should be in an IT policy?
Below are some things to think about:
Movable storage
What is the policy on storage such as USBs? Can staff bring in personal USBs and use them on a work computer?
Procurement
Who and where are you buying hardware, software and services from?
Passwords
Are colleagues allowed to share passwords? Are all desktops and laptops password protected?
Network and remote access
Can you logon to the network externally?
Office access
Who can access your office? Employees, cleaners, visitors?
User privileges
Who has access to what?
Email links and attachments
Think about a policy on clicking links, or file extensions to be aware of. For example receiving a .exe file from an unexpected source should be a red flag.
Backups
Do you keep backups and who is responsible for them?
Locking devices
Are laptops or towers/monitors left logged in and unattended?
Two-step authentication
When I hear two-step authentication I think of banks or Google mail logins, where you have a password and a text, or password and security key.
It is also something else just as useful – literally getting a second authorisation before committing to a payment. A common way of scamming money relies on administrative staff not getting a second authorisation after receiving an email from the boss. This is called CEO spoofing (see more on CEO spoofing in previous blog post).
Action!
The policy should also include what to do in the event of a security breach (see previous article for advice on this).
Author:
Eastpoint Software Mobile, Web Apps, eCommerce and MCommerce Development Company Richmond, UK, London, Chelmsford and Cambridge. Get in touch with us about outsourcing that part of the project. We have experience working with partners and agencies on software products. Call us on 01223 690164 or Mail us: info@eastpoint.co.uk to discuss what you need and how we can help.
Visit us: http://www.eastpoint.co.uk/
Eastpoint Software, Web App Development Services, Software Development Services, Mobile App Development Cambridge, Mobile Apps Development Cambridge, Web App Development Cambridge, Web Apps Development Cambridge, Mobile App Development London, Mobile Apps Development London, Web App Development London, Web Apps Development London, Web App Development UK, Web Apps Development UK, Mobile Apps Development UK, Mobile App Development UK, eCommerce Web App Development, eCommerce Web Apps Development, eCommerce App Development Cambridge, eCommerce App Development London, eCommerce App Development UK, Mobile App Development Richmond, Mobile Apps Development Richmond, Web App Development Richmond, Web Apps Development Richmond, eCommerce Web App Development Richmond, eCommerce App Development Richmond, MCommerce Development, MCommerce Development Cambridge, MCommerce Development London, MCommerce Development UK, MCommerce Development CHelmsford, eCommerce Chelmsford, Mobile App Development Chelmsford, Web App Development Chelmsford
