IT Basics and PnP
Regardless of the size of your company, your IT department should have a well-thought-out range of policies and procedures in place. Planning ahead with these policies leads to improved cybersecurity, assuming everyone does, in fact, follow the policies in question. Every company has its own unique needs, but the following policies and procedures should always form a part of your IT strategy. With all of the following in place, everything from daily cybersecurity to audit preparation becomes less of a concern.
Acceptable Use Policy
Sometimes abbreviated as AUP, an acceptable use policy details the acceptable ways in which employees can use technology. The acceptable use policy should cover topics such as the absence of any expectation of privacy, use of computer resources, access to devices, illegal copying, communication regarding trade secrets, and access to the files of other users.
A key part of any IT policy should be information security, which will create the foundation for the company’s data risk management. This particular policy also involves defining the single contact point who is responsible for all information security. This section of your IT policy should include information and system access, user IDs and passwords, the password policy, and more. The password policy is one of the most important aspects of the information security procedures. It should include guidelines for choosing passwords, as well as how frequently they must be changed.
The IT department is responsible for setting the technology standards within a company, weighing such factors as cost, effectiveness, and cybersecurity. These guidelines should prioritize the safety of data and minimize the risk of accidentally downloading malware. These technology standards typically list both the preferred hardware and software and the hardware and software that are not allowed.
In addition to the above policies, the IT department should have a set of procedures in place to follow for disaster recovery, as well as a business continuity plan. This can be a combined procedure, DR/BCP, and will typically focus on recovering from environmental disasters. As part of this plan, every department within the company must be aware of what their related responsibilities are. The plan should include a list of key recovery personnel, each with set recovery tasks and the procedures they will follow to complete those tasks. This is also the portion of your IT policy where you might want to outline data backup methods, as well as the intervals at which backups must occur.
Although access to the network can be included in other IT policies, it requires deeper consideration than some small businesses realize. Both wired and wireless access must be included in the plan, and it must include procedures for guest use. Most companies will need to offer guests access to the network, whether as part of an independent audit or for a consultant or customer who needs particular information. The wireless infrastructure should include policies for this, as well as the particular procedures to follow before giving guests access.