6 Important Policies to Implement in Every Company

May 13, 2025

Many small businesses make the mistake of not implementing policies. They feel that things don't need to be formal. They simply tell staff what's expected of them as issues come up and think that's enough.

This way of thinking can cause several problems for small and medium-sized business owners in Quebec. Employees can't read minds. Things you think are obvious may not be obvious to them. Not having policies can also leave you in a poor legal position if something goes wrong, for example in a lawsuit over misuse of a company device or email account.

Did you know that 77% of employees access their social media accounts while at work? Additionally, 19% of them spend an average of one full work hour per day on social media. In some cases, employees are unaware of company policy. In other cases, there is no specific policy to follow.  

IT policies are an important part of your security and technology management. So, no matter the size of your business, you should have one.  

Do you have these IT policies? (If not, you should)

1. Password Security Policy

Approximately 77% of all cloud data breaches result from compromised passwords. Compromised credentials are now the leading cause of data breaches worldwide.  

A password security policy will guide your team on how to manage their login credentials. It should include elements such as:

  • The length of the password
  • How to construct the password (e.g., use at least one number and one symbol)
  • Where and how to store passwords
  • The use of multi-factor authentication (if required)
  • How often to change passwords

2. Acceptable Use Policy

The acceptable use policy is a comprehensive policy. It provides a framework for the appropriate use of your company's technology and data. This policy will govern things like device security. For example, you may require employees to keep their devices up to date. If so, you should include this in this policy.  

Your acceptable use policy should also state where it is acceptable to use company devices. You could prohibit remote employees from lending their work equipment to family members.

Data is another element of this policy. It should dictate how data is stored and managed. It may also require an encrypted environment to maintain security.  

3. Cloud and Application Usage Policy

At Nexxo, we believe that employee use of unauthorized cloud applications has become a major problem. It is estimated that shadow computing accounts for 30% to 60% of cloud usage within an organization.

Employees often use cloud applications on their own because they don't know of a better alternative. They don't realize that using unauthorized cloud tools for company data is a major security risk.

A cloud and application usage policy will tell employees which mobile and cloud applications can be used for corporate data. This should limit the use of unapproved applications. The policy should also suggest applications that would improve productivity.  

4. Bring Your Own Device Policy

About 83% of companies use a "bring your own device" approach to employee mobile use. Allowing employees to use their own smartphones for work saves companies money. It can also be more convenient for employees because they don't need to carry a second device.  

On the other hand, if you don't have a policy governing the use of personal devices, there could be security issues, or other concerns. Employee devices could be vulnerable to attacks if the operating system isn't updated. Additionally, there could be confusion about compensation for using personal devices at work.  

The bring-your-own-device policy clarifies the use of employee devices for business purposes, including the level of security required for those devices. The policy may also mention the required installation of a device management application and cover compensation for the use of personal devices for business purposes.  

5. Policy on the use of public Wi-Fi

Public Wi-Fi poses a cybersecurity challenge. 61% of surveyed companies say employees connect to public internet from company-owned devices.  

Many employees won't hesitate to log into a company application or email, even over a public internet connection. This could expose those credentials and lead to a breach of your company's network.    

Your Wi-Fi policy will explain how employees should ensure a secure connection. It may dictate the use of a corporate VPN and restrict the activities employees can do while on public Wi-Fi, for example by not allowing them to enter passwords or payment card information into a form.

6. Policy on the use of social networks

Given that social media use is so common at work, it's important to address the issue. Otherwise, endless scrolling and posting content could steal hours of productivity each week.  

Include details in your social media usage policy, for example:

  • Restrict employees' access time to social networks
  • Restrict what employees can post about the company
  • Note “safe selfie zones” or facility areas that are not suitable for public images

Get help improving your security and IT policy documentation

At Nexxo, we can help your company address security issues and IT policy gaps. Contact us now to schedule a meeting and let us help you.

About Nexxo

Nexxo Solutions informatique is a company specializing in providing IT and technology services to Quebec businesses. Its mission is to offer Quebec companies IT services tailored to their needs. Acting as an external IT department, it handles all of a company's IT tasks, allowing it to focus on its business activities. It achieves this by collaborating closely with its clients and putting their interests at the center of its concerns.
