5 Must-Know Critical IT Policies for Melbourne Business (Small and Big)
You stop stone cold.
The streets stand still, and to your right… you’re face-to-face with a tram.
Somehow you’ve held on to your piccolo.
Even though you’re sweating bullets.
But the tram driver looks at you and shakes their head. You look back…mouthing “I’m sorry”, taking a step back.
It drizzles (how Melbourne) as you look around the deserted Bourke Street mall. DJs have moved to one side, but the rest of the mall is either boarded up or under construction.
Working at home in the ‘burbs has had its perks.
But truthfully, scrolling your smartphone, balancing a piccolo. And crossing a busy Melbourne street…
Well, that’s asking for trouble.
Especially when you’re back in the office for three days.
There have been tram safety campaigns, but it’s white noise you’ve ignored.
And for many businesses, not having formal IT policies can feel the same for your employees. White noise in the background – what we expect you to do and go on your way.
Here’s the thing not having clear, well-established IT policies can lead to problems.
Consider if an employee uses a company device for cheeky bets during the Melbourne Cup. Or starts sending inappropriate memes from your company’s email account.
Your business faces potential legal, brand and reputation issues. So you must communicate formal IT policies.
That your employees understand and abide by.
Recent studies have shown that 77% of employees use social media at work. And 19% spend one full hour daily on social media.
If you don’t have a social media policy, it’s difficult for you to manage.
IT policies are an essential part of your organisation’s IT security and technology management. This is required no matter what size your business is; you should have them.
Here are our top 5 IT policies your company should have:
1. Password Security Policy
About 77% of all cloud data breaches started from compromised passwords. Compromised login credentials are the number one cause of global data breaches.
A password security policy will show your team how to handle their login passwords. It should include things like:
● How long should passwords be
● How to create a unique password (e.g. using at least one number and symbol)
● Where and how to store passwords
● The use of multi-factor authentication (where possible)
● Smart password change policies (i.e. not based on a time span)
2. Acceptable Use Policy (AUP)
An Acceptable Use Policy (AUP) is an overarching policy. It includes how to use technology and data and govern concerns, including device security.
One example may be that you may need employees to keep devices updated. And your policy should include that.
Another thing to include in your AUP is the acceptable use of company devices. For example, remote workers must be restricted from sharing work devices with family. It doesn’t matter if they work at home, at a local cafe in Hampton or in a co-working space in Spotswood.
Your AUP should dictate how to store and handle data. This may include an encrypted environment for security.
3. Cloud & App Use Policy
Most people wouldn’t realise using a cloud application is an issue.
But estimates put unauthorised use for “shadow IT” between 30% to 60% of a company’s cloud use.
In most cases, the employees don’t know any better. You probably have used Microsoft 365 to do a quick presentation to help the kids out for school.
(Hopefully not on tram safety…)
A cloud and app use policy should outline what tools are okay to use for business data. Whilst restricting the use of unapproved applications.
Finally, the policy can suggest apps to help your team improve productivity.
4. Bring Your Own Device (BYOD) Policy
Now, if you didn’t read that correctly, it was BYOD, not BYO.
So there is no need to encourage your employees to BYO to Friday drinks unless that’s your secret plan.
But around 83% of companies use a BYOD approach for employee mobile use. So allowing employees to use their smartphones for work saves your business money.
It is more convenient for employees because they don’t need to carry a second device.
You know nothing is worse than scrolling Insta on the tram home with your own device. And then your work phone rings.
You don’t want to be that person – holding two phones.
But if you don’t have a policy outlining the use of BYOD, security and other issues exist.
Staff devices may be vulnerable to attack if the operating system (OS) isn’t updated. There can also be confusion regarding compensation for using personal devices for work purposes.
The BYOD policy can clarify the use of employee devices for business.
Importantly, you should Include the required security of those devices and if the installation of an endpoint management app is needed. It should also cover compensation for the business use of personal devices.
5. WiFi Use Policy
The state government has installed over 400 public WiFi hot spots across Melbourne. So connecting to free WiFi has never been easier.
Including the Bourke Street Mall, Flinders Street Station and Queen Victoria Market.
But public WiFi is an issue for cybersecurity.
61% of companies surveyed say employees connect to public WiFi from company-owned devices and phones.
Many employees won’t consider it an issue to log into a company app or email account. Even when on public WiFi.
This could expose login credentials and lead to a breach of your company’s network.
Your WiFi use policy explains how employees ensure they have safe connections.
The policy could explain the use of a company VPN and if it restricts public WiFi. And if you allow public WiFi, outline what information can’t be shared—for example, not entering passwords or payment card details into a form.
Bonus Tip…Social Media Use Policy
Social media is part and parcel of daily life. So you must have a clear policy to avoid employees’ mindless scrolling and posting.
You don’t want to lose productivity and impact your business.
It’s a good idea to include items in your business’ social media policy that include:
● Restrict times when staff can access their personal socials
● Provide guidelines about what staff can post about your organisation
● Provide guidelines about “safe selfie zones” or facility areas that are not okay for public images
Do You Need Help Improving IT Policies and Security?
We can help you install robust IT policies removing potential security issues.
For further information, schedule a consultation to get started.
About the author
Yener is the founder and Managing Director of Intuitive IT. Prior to running his own business Yener worked for a number of corporate organisations where he gained invaluable experience and skills, as well as an understanding of how IT can complement and improve business outcomes.