When you think of protecting your company’s data and network, firewalls and antivirus software may be the security tools that come to mind first. While these are great (and necessary) components of IT security, one critical weapon that often gets overlooked is the Technology Use Policy.
What’s a Technology Use Policy?
A Technology Use Policy is a contract between a business and its employees, contractors, vendors and anyone else who is given access to the company’s technology assets (desktops, laptops, phones, software, network, files, etc.). The policy outlines exactly how the technology can be used as well as the consequences for unauthorized use. It’s a good idea to go through the policy with every employee at onboarding and annually thereafter.
Why is a Technology Use Policy important?
Although most business owners worry about hackers gaining access to their network, many don’t realize that their biggest security threat comes from the inside — their employees. In fact, in a survey of IT professionals, 50 percent reported that their company had been victim to an insider attack at least once within the previous year. Since employees have access to critical company data on a daily basis, a solid Technology Use Policy is a very important way for business owners to protect sensitive information.
What should be included in the policy?
A comprehensive use policy should incorporate the following:
Use of company technology
Any tech provided by the company, including hardware, software, networks, records and other electronically stored information should only be used for the business of the company. Employees should be prohibited from using company technology to send, receive, view or store any content that could be considered defamatory, discriminatory, harassing or pornographic. Mobile or remote users of company equipment should be required to use a company Virtual Private Network (VPN) to access the internet when they’re away from the office.
Use of unlicensed/copyrighted software
If an employee downloads and installs software on a company device without a proper license, the company can be held liable for copyright infringement. Even more, every unauthorized download puts the device and network at risk for malware that can wreak havoc and bring business to a standstill. Employees should be restricted from downloading software without permission from IT, as well as installing unlicensed software on company computers.
Defined access to networks and data
Unrestricted access should not be given to every employee, vendor and contractor. Instead, the Technology Use Policy should define what constitutes authorized use and access to networks, systems and data, as well as what constitutes unauthorized use and access. This may help protect a business from the actions of a disgruntled employee under the Computer Fraud and Abuse Act (CFAA).