IT policies – A cure for insomnia? - IT Company Peterborough, Norwich & Sheffield

IT policies – A cure for insomnia?

Let’s face it – IT policies are not the most exciting topic. Because of that reality, there are two common (but similarly futile) approaches:

Approach 1 – don’t bother.
Approach 2 – Find a generic IT policy on the internet. Put a copy in the staff handbook. Hope the staff will read it.

Does this sound familiar? Don’t worry – you are far from alone if so. However, it’s still worth taking a moment to think about trying to be better than average. The good news is that it isn’t difficult or costly to make a big step forward. And it’s worth doing to help protect your business, your customers and your staff from the threat of cyber crime.

The third way

As one of its ’10 steps to Cyber Security’ guidance: here, the government advises the following:

Principle: User Education and Awareness

Produce user security policies covering acceptable and secure use of the organisation’s systems.
Establish a staff training programme.
Maintain user awareness of the cyber risks.

Let’s refer to this as ‘Approach 3’. Compared to Approaches 1 and 2, it is relatively rare to find organisations taking this advice on board. It is a shame because it requires relatively little effort and the benefits are realised quickly.

Where to start?

The starting point is to identify some key IT related topics that are important to your organisation and then write policies which are relevant to your company. There are many useful sources you can draw from to help you do this. These might include trade organisations, professional advisers, and – yes – the internet. But, the most important thing is that what you produce is realistic and reflects what happens in your organisation. Beware of ‘one size fits all’ policies or policies written in language that only the IT department will understand.

There is no definitive list, but a reasonable benchmark for most SMEs could be:

Internet Acceptable Use policy (AUP)
E-mail policy
Social Media policy
Bring Your Own Device policy (BYOD)
Removable Media policy (covering things such as USB data sticks)

Hope is not a strategy

Having gone to the trouble of writing the policies, you must now resist the temptation to assume that staff will read them, let alone understand them. Hope is not a strategy. Rather than putting the policies in the proverbial bottom drawer, talk to your staff about them and explain the key points in plain English. The purpose of the policies is to change behaviour for the better, not an academic exercise.

Talking about policies can form part of a general staff training programme on cyber risks. Policies are part of the equation, but there are many other topics you can also include to raise awareness. And it doesn’t have to be a cure for insomnia. Done well, training can be engaging. Most staff will use computers and the internet outside of work and they will face similar cyber threats in their personal lives. Make it seem relevant and useful to them as both an individual and an employee, not threatening and simply about Big Brother watching them.

To find out how EasylifeIT™ Director can help you implement policies which make a difference, contact us today on 0800 043 9186 or email itdirector@easylifeit.com

The leaver: gone – but too often forgotten

Jake Thomas

16:16 18 Jul 22

A professional and very competent service. Everything is managed beyond expectation. Highly recommended.

Tom Chance

09:27 09 Mar 21

We engaged Lindsey and her team to improve our security, and implement Microsoft across our business. They did an amazing job, and worked tirelessly and with lots of patience until things were working perfectly. Lindsey really knows her stuff, and I was so impressed by her knowledge of IT and ability to the root of issues.

Tamara Cooke

14:09 17 Sep 20

EasylifeIT are always able to solve our IT issues. Their support team are helpful, patient and are happy to explain things to you if you ask. FYI I've not ticked good value as my employer pays the bill so I don't know!

Sherwin Currid Sherwin Currid

08:09 10 Jul 20

Easylife IT have looked after our cloud IT systems for many years now. We continue to be very happy with the service which is prompt and efficient. The team are very knowledgeable and stick with issues until they are fully resolved. I would have no hesitation in recommending them to others.

Nick Green

10:45 09 Jul 20

My business has been using Easylife IT for what must be around 10 years and I have not needed to look elsewhere in that time! As a small business we don't have IT capabilities in house and the backup service from Easylife has given us confidence knowing that our backs are covered. All issues dealt with remotely and for higher level issues the business owner will help out with friendly advice. I always feel their advice is good and charging is fair. I am a little surprised to see another review that appears to speak highly but giving a 4 star. Anyway it's definitely a 5 star from me! Highly recommended.

Blog