Let's face it, your small business probably doesn't have a policy on how employees should use information systems and you've probably not even thought about it.
But, with the ever increasing dangers on the madness that is the internet and all it's connected 'gubbins', you really need one, even a basic one. So, here's some pointers on what to include :
Scope
All systems, accessed by anyone, anywhere that is probably going to get hacked as soon as they click that ever enticing link in the email from that guy they've never heard of.
To counter the possibility of a hack, employees and the boss (yes, you!) should do the following as a minimum :
- Use Opera as the web browser, or Chrome if you must
- Encrypt any portable devices, or at least encrypt any location that has personal, sensitive or financial information that is a target for those bad guys
- Ensure you patch your system you dummy, it may be annoying but it could save you from looking like a clown?
- Never leave any device, ever, unlocked and usable when you leave it unattended. That includes, going to the toilet or to get a drink. Lets face it, those things always take longer than you think and someone could access the system while you're not there.
- Configure your browser with 'click to play' so those plugins that hackers target don't auto steal your data! Of course, it should go without saying (yet, here we are) that you only click the 'enable plugin' box if you are damn sure it's not malicious!
- Only use your work devices for work and don't use personal accounts for doing work stuff. It'll only lead to trouble. And that includes letting your teenage son install some game he just downloaded from a peer-to-peer service. You're kidding right?
- You will not use a terrible password, like your surname or if you're really clever, you'll think using Surn@me will somehow make you immune from hackers!
- Spolier alert: It won't!
- Use a password manager and use a super strong password that only you know to secure that password manager.
- Promise not to click on those emails you get that might be phishing for your credentials or trying to get you to open a boring tax return or invoice.
- Use Two Factor Authentication anywhere it's offered to provide better security than just a password. It's really not that hard to do and it will save your bacon. Unless you're a vegetarian where it will save your sprouts! Which is just as good.
- Be careful where you share the company's data when using 3rd parties.
So, there you have it, a simple and practical policy to follow to stay more secure. Of course, you can ignore all of the above and do your own thing and then get annoyed and probably sued when it all goes wrong!