IT security use policy and the role of employees

Protecting your IT systems from attack is an essential part of keeping your business safe and successful, and it’s important that your employees are constantly aware of the part they need to play in this.

One way of ensuring that they, and you as a business, are meeting the necessary requirements is by adopting an IT Acceptable Use Policy: a set of easy-to-understand dos and don’ts that detail what action should be taken in specific situations and what is expected of the employee in complying with the various rules and regulations.

A question of common sense

Your IT Acceptable Use Policy refers to safeguards surrounding the employee’s access to business networks and computer and information systems. It is a document that sets out clearly and concisely how employees are expected to use the information and systems available to them, while being constantly aware of the need to exercise caution and maintain security.

It’s a policy the employee must sign up to before accessing sensitive systems and data, but it holds no great surprises. The document is little more than an extension of good, basic common sense; it just means the rules are laid out in black and white and are something they must agree to.

The policy raises awareness of potential issues that may cause future problems and builds an understanding of why a set of rules needs to be followed. These rules include:

  • NOT installing programs onto company systems without the appropriate permissions.
  • NOT passing on login details or passwords to anyone unauthorised.
  • NOT trying to gain unauthorised access to information or IT systems. 
  • NOT contravening GDPR.  
  • NOT trying to hack the security of another user.

Day-to-day communication

Email has become the communication method of choice, but misuse can cause serious problems. Again, having a specific policy in place will educate employees about its use and help safeguard your business.

Your policy will need to address things like downloading email content while also setting out your rules on what is acceptable concerning size and content of email messages. Employees also need to be aware that it is they who are responsible for the use and misuse of company emails.

Only authorised personnel should be permitted to use the company email system. Employees must not create or send anything over company email that is illegal or spam, and messages need to conform to the relevant legislation, such as the Human Rights Act, Data Protection Act and Computer Misuse Act. They should also be aware of the risk of infringing any copyright regulations that may apply.

If you are looking to put together an IT policy for your business and want an IT team to support you in this, please get in touch with the team to find out how we can help.