Do your Policies Help or halt Production?
A current metaphor for implementing corporate IT policies and procedures suggests comparing them to guardrails, keeping your employees moving safely, versus throwing up roadblocks that are so onerous that they stop progress. At River Run Computers, we agree. Good IT policies and practices actually can keep your company moving forward, avoiding a show-stopping catastrophe.
The two policies that seem to cause the most negative employee reaction are Strong Password Protection and Web Content Filtering. Yet this can be very effective in preventing company loss in both data integrity and productivity. Let’s examine these in light of making sure the policies are “Guardrails, not Roadblocks”.
Typically, Strong Password Protection requires employees to create passwords that are 8 characters or more, using both upper and lower case letters, numbers, and special characters. Secondly, these passwords must be changed every 90 days or so. These are hardly high hurdles compared to some procedures in use by corporations requiring two factor authentication, something known, (such as a password), and something obtained, or difficult to copy, (such as an emailed code, biometric scans, fingerprints, or ID cards with RFID chips, etc.). So let’s look at the reasons for Strong Passwords.
The 50 most popular passwords are well known to hackers. Even common pet names, favorite sport, address, birthdays are easily guessed. And if your employees are like others, they use the same passwords for multiple accounts, their computer and bank account logon for instance. We often see common logons for multiple users. Once hacked, a user’s entire online presence is jeopardized. Worse yet, many employees still write down their passwords, which can easily found under keyboards, desk accessories or blatantly stuck to their monitors for all the world to see. A strong password is not as difficult to remember as most employees fear. For instance, “fido2005” can easily be converted to “f1D0-2koS” or make one from a saying or poem, “Mh@ll-WfwW@$” (Mary had a little lamb, whose fleece was white as snow). Starting with a strong password or using a password wallet application to hold or generate new strong passwords can then be easily enhanced with changes periodically. Just add another number or letter for the month or quarter.
Web Content Filtering is just common sense. There is rarely any reason for employees to have access to social media sites or to be streaming music. These eat up bandwidth and time. Locking out dangerous or non-business areas of the Internet guards against viruses and malware, and focuses employee attention on their work. If you must allow access, provide an unsecured, separate public Wi-Fi with limited bandwidth for their personal device use only. HR or marketing departments can be granted access to Facebook or LinkedIn, but for the most part, these sites should be off limits for your workers. Should your staff really be reading and answering their private email or corresponding with friends during work?
Today there is a real imperative to provide guardrails, not roadblocks, on the Information Superhighway. Most companies must update their IT policies to counter current cybersecurity threats and network weaknesses. You need to discuss these issues with employees and have them acknowledge your current policies and practices ON A YEARLY basis. If you’d like help creating a comprehensive IT use manual or chapter for your employee handbook, River Run can help. It is one more way we can keep you up and running.