How to Establish an IT Security Policy

Week three of National Cyber security Awareness Month theme is "It’s Everyone’s Job to Ensure Online Safety at Work". You may also be interested in our previous post about workplace security. So here are a few quick things you can do to secure your workplace.

Write the policy out

A good security policy in place will make sure that everyone is on the same page. But many business owners struggle to know what a good security policy entails.  Firstly, your policy should clarify what practices are expected in the workplace. Make sure to explain the consequences of failing to adhere to the policy. This written policy should be reviewed, regularly communicated, and acknowledged by all staff via signed acceptance.

Set everything to auto update

There may be some pushback on this one as many people worry about what happens if an update breaks something, but's it's worth the risk to possibly prevent a hacker exploiting a vulnerability in your software. The benefits of being patched against zero day exploits far outweigh any risk associated with security updates being incompatible with existing software.  Microsoft has made vast improvements since the days of security and system updates causing problems.

Tech Tip: Set these to install overnight, because as we all know, a Windows Update can take several minutes and sometimes hours, and you don't want them installing in the middle of the workday.

Run an AV scan once a week

it's important to regularly scan workstations to verify their integrity. This will help you identify when systems are compromised, which will let you react quickly. You can certainly run them more often but the best balance we have found is to run them once per week. Ensure that your Antivirus software is set to auto update with the latest definitions and program files to protect you from malware as soon as it is identified.

Change passwords every two months

Discerning the right password strategy is important. You must find the balance between convenience and security that's right for your workplace. We recommend changing passwords every other month. This helps keep an eye on what accounts your business is using and evaluate if it makes sense to maintain it. Further when employees leave it is easy to forget to change passwords allowing a disgruntled ex-employee to wreak havoc.

Lastly, it's a great idea to work with a managed service provider to provide support and help manage these policies for you. The right managed services provider can reduce your IT budget and streamline your IT security policies.

Harness the power of a managed service provider

Save on your IT expenditures today!