6 Key IT Policies Every Company Should Have

Many small businesses make the mistake of not taking action. They don’t think things need to be so formal. They just tell employees what’s expected when it comes up and think that’s good enough.

But this mindset can lead to problems for small and midsize businesses. Employees aren’t mind readers. Things you take for granted may not be obvious to them.

The lack of policies can also leave you in a bad position legally if a problem arises, for example in a lawsuit over misuse of a company device or email account.

Did you know that 77% of employees access their social media accounts while at work? What’s more, 19% of them spend an average of 1 full work hour per day on social media. In some cases, employees are ignoring company policy. In other cases, however, there’s no specific policy for them to follow.

IT policies are an important part of your IT security and technology management. So regardless of the size of your company, you should have such policies in place. Onyx’s IT team will give you an overview of some of the most important IT policies that should be in place in your organization.


Do You Have These IT Policies? (If Not, You Should)


Password Security Policy

Approximately 77% of all cloud data breaches originate from compromised passwords. Compromised credentials are also now the most common cause of data breaches worldwide.

A password security policy defines how your team handles its login passwords. It should include things like:

  • How long passwords should be
  • How passwords should be constructed (e.g., at least one number and one symbol)
  • Where and how passwords should be stored
  • The use of multifactor authentication (if it’s required)
  • How often to change passwords


Acceptable Use Policy (AUP)

The Acceptable Use Policy (AUP) is an overarching policy. It governs the proper use of technology and data in your organization, including things like device security. For example, you may need employees to keep their devices up to date. If so, include that requirement in this policy.

Another item to include in your AUP is where company device use is permitted. You can also restrict family members from sharing work devices.

Data is another area of the AUP. It should dictate how data should be stored and handled. The policy could mandate an encrypted environment for security reasons.


Cloud and App Use Policy

Employee use of unapproved cloud applications has become a major problem. It’s estimated that the use of these “shadow IT” applications accounts for between 30% and 60% of an organization’s cloud usage.

Often, employees use cloud applications on their own because they don’t know any better. They aren’t aware that using unauthorized cloud tools for corporate data is a major security risk.

A cloud and app usage policy tells employees which cloud and mobile apps can be used for business data. It should restrict the use of unapproved apps. It should also provide a way to suggest apps that increase productivity.


Bring Your Own Device (BYOD) Policy

Approximately 83% of organizations use a BYOD approach to employee mobile use. Allowing employees to use their own smartphones for work saves companies money. It can also be more convenient for employees because they don’t have to carry around a second device.

However, if you don’t have a policy governing BYOD use, security and other issues can arise. Employees’ devices can be vulnerable to attacks if the operating system isn’t updated. There may also be confusion about compensation for the use of personal devices in the workplace.

The BYOD policy clarifies the use of employee devices for business purposes. This includes the required security of these devices. It may also provide for the required installation of a device management app. It should also cover compensation for business use of private devices.


Wi-Fi Usage Policy

Public Wi-Fi is a concern when it comes to cybersecurity. 61% of companies surveyed report that employees connect to public Wi-Fi with company-owned devices.

Many employees don’t think twice about logging into a company app or email account, even if they’re using a public internet connection. This could expose those credentials and lead to an intrusion into your corporate network.

Your Wi-Fi usage policy explains how employees should ensure secure connections. It may mandate the use of a corporate VPN. Your policy may also restrict the activities employees can perform on public Wi-Fi. For example, they may not enter passwords or payment card information into a form.


Social Media Use Policy

Since social media use is so prevalent in the workplace, it’s important to address it. Otherwise, the endless scrolling and posting could rob hours of productivity each week.

Include details in your social media policy, such as:

  • Restricting employee access to personal social media
  • Limiting what employees can post about the company
  • Noting “safe selfie zones” or areas of the facility where public pictures aren’t allowed

Allow Onyx IT to Improve Your IT Policy


Onyx IT can help your company address IT policy deficiencies and security issues. Contact Onyx IT today to schedule a consultation to get started.


Article used with permission from The Technology Press.