Get in touch:

Tags: , , , , , , ,

Creating and implementing a Computer Use & IT Security Policy will help protect your business from a number of risks, including cyber attacks, data loss, fraud and reputation damage. The exact content of your policy will depend on the type and size of your business, and the different job roles that your staff undertake. In this article, we offer a brief guide to some of the key content that you might want to include in your policy.

  1. Access rules

A good place to start is to define which staff members need access to which systems. For example, your accounts team will need to use Xero, QuickBooks, Sage or similar software, which receptionists or call centre handlers won’t require. You don’t need to list every application that can and can’t be accessed by each role, however. A general note such as ‘Employees may only access the systems and software they require to do their jobs’ may well do the trick.

The same principle applies to internet and email access, as there may be some team members who don’t need to go online. Setting up accounts and email addresses that aren’t needed isn’t just a waste of money, it’s also a potential security risk. Where employees do have company accounts, consider how much control you want them to have over settings, and restrict this if appropriate.

A separate area to consider is employees connecting to your network using their personal devices such as smartphones and tablets. You may be happy for them to do this, but could set rules around when they can go online (e.g. only during breaks) and what activities they’re allowed to do, such as checking personal emails, bank balances. On the other hand, you could ban personal access to the company network, or ask that personal devices be locked away during working hours.

You may wish to provide a public wireless network and allow staff to connect their devices via that network.

  1. Using the internet on company devices

Online and cloud-based services can be great for boosting productivity and efficiency – helping staff collaborate more effectively and communicate with colleagues working remotely. On the other hand, it only takes one click on a malicious web link or email attachment to infect your entire network, potentially bringing your business to its knees.

You’ll need to think carefully about how you can make sure your employees use websites, email and online applications safely. Installing up to date IT security measures and training staff are both important, but your Computer Use Policy can also help by encouraging (or requiring) responsible behaviour online.

Suggested content might include:

  • Requiring your staff to always use company email accounts and preferred web browsers for work purposes
  • Limiting personal use of email and websites, for example, restricting the amount of time employees can spend on social media, or banning access altogether
  • Reserving the right to monitor your team’s use of company email accounts and web browsers (note there are legal restrictions around how you do this, and details must be included in staff contracts as well as your Computer Use Policy)
  • Prohibiting access to illegal or offensive websites, e.g. pornographic or racist sites
  • Installing pop-up blockers to help prevent virus infections from malicious websites
  • Requiring all new software to be installed by an authorised member of staff
  • Making sure all work-related cloud-based services are approved in advance and company accounts are used, not personal ones
  • Restricting access to confidential client and company data.
  1. Email housekeeping

Email inboxes and folders tend to account for a big chunk of a company’s data storage – but they don’t always need to. Your Computer Use & IT Security Policy could encourage staff to keep their email accounts ‘clean’, by deleting messages that are no longer needed and archiving any they may require in the future. This will speed up your email software, as well as your backup and restore processes.

You may also like to include some email management guidelines in your policy. For example, to maximise productivity, it’s recommended that employees check and deal with their emails a few times a day, rather than responding to individual messages when they arrive. Doing this can reduce stress and boost productivity, as your team can close their email software and focus on other tasks in between checks.

  1. Using social media for business

Social media can be a great way to communicate with your clients, prospects, suppliers and the wider world. But it can also backfire if misused, with disastrous results for your reputation. Rather than allowing general access, appoint a couple of trusted team members to manage your accounts, and clearly define what is and isn’t acceptable behaviour.

Perhaps the most important rule in your social media policy is ‘Don’t post it until you’re sure’. Badly thought-out or controversial posts can create a social media storm, attracting trolls and putting your company in an unwelcome spotlight. Other rules might include never commenting on your competitors or their products and services; or revealing any sensitive company or financial information.

To give your posts a more personal touch, you could encourage your social media team to sign their names on posts. But restrict this to first names only and don’t make it a requirement if people aren’t keen.

  1. Buying online

It’s common practice for companies to order goods and services online, using specialist services or more generic sites like Amazon and eBay. Unfortunately, there are lots of rogue sites that will take your money and disappear into the sunset – with your company credit card details. So put some ground rules in place to make sure this doesn’t happen.

Here’s some content to include in your Computer Use Policy:

  • A list of approved online suppliers
  • The individual names or job roles that are allowed to buy online
  • A requirement that only official company accounts are used, never personal ones
  • A process for requesting and authorising purchases, e.g. a Works Order
  • A reminder to always check the website is genuine and features the padlock symbol and https:// in the browser bar.

Need help with your Computer Use Policy?

It can be confusing and time-consuming to decide what to put in your policy. The points above are by no means exhaustive and your business could have other important considerations that need including. Let Jalapeno Business Services help.

Our expert consultants can assess your requirements and create a suitable policy that meets your needs and gives you the right level of protection. We can also train and mentor your staff to help them understand and implement your Computer Use & IT Security Policy.

Get in touch today to discuss your policy requirements and find out how we can help.