6 IT Policies to Help Protect Your Company

Many companies rely on IT to help run their businesses. For this reason, they often depend on a set of IT policies to ensure the productive, appropriate, and legal use of IT resources. IT policies establish expectations and regulations for behavior related to company computers and networks.

In addition, IT policies detail consequences for employees or customers in the event of a policy violation. The proper enforcement of IT policies may also provide a basis for defense in the event of a lawsuit.

Here are six common IT policies to help protect your company:

1. Acceptable Use Policy

An acceptable use policy, or AUP, restricts use of a company's network or services. AUPs prevent illegal activity, ensure security, and safeguard the reputation of the company.

AUPs also outline the consequences of breaking the rules. A common penalty is restricted or permanent loss of access to the associated network or service.

2. Privacy Policy

Privacy policies protect the personal information collected from a company's customers and employees. Personal information includes anything that can be used to identify an individual. Names, social security numbers, credit card numbers, email addresses, and even photos of individuals are considered personal information.

Privacy policies typically document how personal information is collected, stored, used, and disposed of. Privacy policies may also disclose when personal information is shared or sold to third parties.

3. Data Governance Policy

Data governance policies describe how data is managed as it passes through company systems. Specifically, these policies document how a company makes sure that data is accessible and secure, as well as accurately collected and properly maintained.

Data governance policies also identify the people responsible for the quality and security of company data. They might also mention any third parties that play a role in the company's data management plans.

4. Disaster Recovery Policy

A disaster recovery policy outlines the broad requirements of a company's disaster recovery plan. These policies identify critical data and responsible departments or staff. They also specify allowable downtime, as well as how to ensure business continuity in the event of downtime.

Disaster recovery plans are usually created by senior IT staff. However, the specifics of data recovery plans are normally left to those designing and executing the plan.

5. BYOD Policy

A BYOD policy, or Bring Your Own Device policy, is an IT policy that governs the use of personal mobile devices in the workplace. BYOD policies are becoming increasingly important, with study after study showing the dramatic shift of personal mobile devices into the workplace.

Specifically, BYOD policies state the degree to which personal mobile devices are allowed within the workplace, what can be done with these devices, and how the company will support them.

6. Social Media Policy

Social media policies govern employee use of social media both in and out of the workplace. These policies define how a company will manage and monitor the online behavior of it's employees. They also set forth any company expectations regarding the nature and tone of information being posted.

As a result, social media policies are sometimes perceived as repressive. However, they can actually empower employees by letting them know what can and cannot be posted. Striking a balance between the needs of the company and employees is the key to a successful social media policy.

Comments (0)

5 Things to Consider When Planning Your Data Backup Process

Your organization's value depends on its data. A catastrophic loss of data will cripple your company, often beyond the point of recovery. For this reason, data backup plans are essential, even for startups. Save time and money by doing it right from the start instead of waiting until after the disaster. Every company needs to have their own plan that considers not only speed of recovery, but redundancy for business continuity. Many backup plans include local recovery and remote offsite options. 

Here are five things to consider when planning your data backup process.

1. Choose the Right Medium

You can store data almost anywhere, especially when you don't have much to back up. However, the storage medium you choose determines how quickly you can go from a server crash, and lost data, to being productive again. The best storage medium allows you to store large amounts of data, but also makes recovery quick.

For instance, DVDs may be convenient and inexpensive, but they'll prove to be rather difficult to manage once you have terabytes of storage to maintain. Hard drives might make sense in such a situation, especially if you are looking for redundancy in your backup solution.  Cloud backup offers an offsite option and is important part of the planning. 

What is best really comes down to your own specific needs.

2. Test Your Backups

How do you know your backups aren't corrupted? One common unforeseen failure in data backup plans is corrupted files, found only once a catastrophic failure has occurred. You simply don't know the integrity of your backups unless you test them.

The frequency of when you test your backups ultimately depends on the value of your specific data. It is recommended that you periodically check to make sure that your backups work as expected and restore properly. This process will not only ensure the integrity of your backups, but also provides a regular check that the backups are occurring at the specified interval.

3. Schedule Your Backups During Off-Peak Hours

Scheduling large amounts of data transfers across your network can create all kinds of problems. First, moving terabytes of data can take hours and it will eat up your bandwidth. Backups performed during the day will affect users' productivity. They can even create issues with dropped virtual meetings, phone calls (VoIP) or data transfers. Instead of interrupting users, schedule your backups at night.

To perform scheduled backups, you'll need good software. The software must be able to identify when resources weren't properly backed up and alert you to any issues. It also must be reliable enough to back up your data regularly without interruptions.

4. Audit Your Data

Backups are easy when you have one server. But, what happens when your company expands and you have several servers and workstations to maintain? You can easily forget to include important data in your backup process. The only way to ensure that you back up all your important data is to perform an audit.

Your audit should include all the servers within your network. First, you must know where users back up data. These file servers hold important user documents. Second, you always need to back up database servers. These servers contain critical company data. Finally, any application servers must have backups. Application servers can usually have more infrequent backups since they do not change often.

5. Prioritize Security

The last thing to consider is security, but it's probably one of the most important. You can't back up all your data and leave it in a random location. Poorly secured backups leave not only a few documents open to hackers, but tons of data. Backups are frequently forgotten when securing your network, but you should have high standards for their security.

Don't skimp on your company's most prized possession. Data is your company's most critical asset. Contact us for a quick check-up on your existing data backup process to make sure you've taken everything into account.  Every company has different needs, contact us and learn how Ease Technologies can help your business with important data backup planning and implementation.  Call us today at (301) 854-0010.

Comments (0)

Steps before upgrading your device to iOS 8

Apple has just release the latest operating system (OS) upgrade for iPhones and iPads.  Like all software updates, iOS 8 offers many new compelling features and improved security for your mobile devices.  I encourage taking a little time before rushing into a new major operating system update.  Often there are a few incompatibles and technical issues that are only uncovered after the final release to the public.  When it is time to upgrade your iOS device, there are a few steps to take before you get started.

cloud servicesCan you upgrade your device?
Apple has identified the following devices as upgradable to iOS 8:
• iPhones 4s, 5 and 5s
• iPad 2, 3, 4, Air, Mini 
• iPod 5 Gen

Do you have enough room?
It is a good time to look over your device to see if you have enough space and clean up some space.
Check under Settings>General>Usage to uncover how much storage space is being used up.  Anything less than about 1 GB it is time to remove some older items.  A full list of apps and storage demands by those apps are listed as well.  If you are no longer playing Candy Crush you can delete it here.

Clean up media
You may be low or storage space or just in need to clear out some old photos and videos. After a year of birthday parties and vacations there will be plenty of videos and photos that you no longer may need.  Save the good ones, but no need to keep everything.  You can use Dropbox as a way to regularly store those photos and then permanently delete that media off your iPhone.

Update Your Apps
I always update my current applications before upgrading the OS. Most all App developers update their applications with a major OS update and you will likely need that update in combination with the OS upgrade.  It can take some time to update 15-30 or more apps on your device.  Get it done ahead of time.

Backup everything in iTunes
A nonnegotiable is backing up your device before you start the upgrade to iOS 8.  Any number of things can go wrong and having a fall back option is critical. I like to do the backup in iTunes with the Encrypted iPhone backup option.  That way all the passwords I have installed on that device are backed up in the process.  This is also the process I would take before transferring my iPhone 5 to a new iPhone 6 for example, too.

Finally, make sure your device is fully charged and you can start your upgrade. 

Call Ease Technologies today at (301)854-0010 and learn how Managed IT Services can help secure your business and reduce your IT costs in Baltimore, Washington or Fairfax.
Comments (0)

Why Should a Law Firm Move to the Cloud?

After Tropical Storm Sandy, many law firms found out the hard way that uninterrupted access to company data is a critical part of any business plan. Many practices are now exploring how a cloud-based office can reduce costs, improve on their disaster recovery plans and raise productivity.

Reduce and manage costs
Ease Cloud WorkspaceMany small and medium sized law firms have maintained an in-house IT environment.  This has involved the procurement of costly servers, computers, software and the support to maintain these complex systems. 

Cloud services can reduce operational costs and cut capital expenditures by eliminating more on-site IT equipment.  A cloud provider can even roll up servers and desktop systems to provide a complete virtual office in the cloud.  IT costs can then turn into a predictable monthly fixed fee model for the firm’s budget. This plan can also extend the life of your current workstation and laptop investments with less frequent hardware upgrades.

Work from anywhere
Having the ability to work from about anywhere is a critical aspect for any attorney.  This means more than just being able to read emails and communicate with clients while on the road.  Attorneys need to work on case information securely from any device. With Internet access, cloud based desktop systems can connect from any PC, laptop or tablet no matter the operating system.

Information security is imperative for all businesses and critical for law firms. Trying to equip and keep users up to date on all security procedures can be a daunting task. A cloud desktop can be encrypted connection from point to point across the Internet. Even if that device is lost, damaged or stolen the only way to get to that cloud connection again is through a new secure authentication.  Look for solutions that have industry security standards like SAEE-16 or ISO 27001 for the best protection.

Management and scalability
A cloud based virtual office can provide a much easier way to scale resources for the firm.  It is much more convenient to turn on and off services for employees with cloud services.  There is one single point of administration that can provide reports on use management for compliance. This secure scaling of devices can now be offered for work from home and BYOD.

Backup and disaster recovery
The most important part of any disaster recovery plan starts with a well-implemented back-up strategy.  Hurricanes, floods, fires and earthquakes are unpredictable devastating events for any business. Knowing that your firms and clients data is secured out-side your office provides the best level of protection against these disasters. A cloud service stores this data remotely and the best services keep redundant backups across multiple sites in the country. This level of protection is out of reach for most firms with only in-house support.

Many firms are recognizing the value of cloud services.  To learn more about how cloud services can cut costs and improve your firm’s security check out the benefits of our Ease Cloud Workspace™ or call us today at (301) 854-0010.

Comments (0)

How To Create A Cloud Policy For Your Small Business

cloud services

As you begin to move your company away from a physical infrastructure and into the cloud, it's important to make sure that proper security policies are in place. While you may have a general information security policy, don't think that absolves your organization from the need for a specific cloud security policy. The dangers that come along with using cloud software or infrastructure are markedly different than those of the typical security concerns encountered by most organizations.

The biggest risk for most cloud applications is a breach of the cloud provider's security. There is no real way to create a policy averting this risk, so the ideal solution is to look at things from the perspective of risk management—all cloud providers need to be evaluated for risk, based on their history, the architecture they use, stated security measures in place, and the value or risk of data being stored on that cloud platform.

The second biggest risk for organizations is employee negligence and inappropriate cloud usage. Curbing this risk requires several steps. First is identifying a point person in your organization, usually the IT manager, who will evaluate cloud services and approve or deny requests to use certain cloud providers. Next, employees need to be informed that they are not to use cloud services unless they have been vetted and approved by the point person. Finally, organizational data needs to be stratified by level of security it requires, so that cloud services can be evaluated for certain levels of security. For example, while one service may be perfectly fine to temporarily store or transport low–security information, it might not be secure enough for high–security information. Employees must be made aware that using cloud services is a major risk, and not to be done without authorization.

All cloud policies should integrate a worst–case–scenario plan. This can include plenty of redundant backups in case the cloud service storing your data goes down. It should also include a communication plan to inform your clients and customers in the event of a security breach at your cloud service provider.

Cloud services can offer your business a lot of flexibility and significant savings, but unless they are approached in a methodical and cautious manner, they can result in significant risk. A good cloud service policy is the biggest step towards minimizing this risk.

To learn more about how cloud services can cut costs and improve you company security check out the benefits of our Ease Cloud Workspace™ or call us today at (301) 854-0010.

Comments (0)
Our Newsletter

Upcoming Events
Calendar Icon

Upcoming Events

Wounded Warrior iPad Training
10/15/2015 12:00 PM - 1:00 PM

Blog Archive

Archive by Years