7 Things You Need to Know About Your Employees’ IT
Do you trust your employees? It’s an evocative question and we’d be surprised if you answered with a resounding No! However, even your most trusted of employees can make mistakes which can lead to issues with your IT systems.
Most data losses, viruses and malware attacks or data breaches can be traced back to an individual clicking something that they shouldn’t or visiting a website that they should have avoided.
For that reason, it’s important that business owners and senior managers undertake some monitoring of employees’ computer use whilst at work.
It’s worth remembering that you supply IT equipment to allow individuals to do their job effectively and any other use such as social media, personal communication, shopping and the like could have a greater cost to the business than wasted time.
You should have a policy in place which gives employees clear guidelines for what is and isn’t acceptable when it comes to using the business’s IT equipment.
Your IT Support Provider should be able to provide sample policies and advise you on how to lock down websites and restrict employees from downloading software.
You should also have solutions in place that help you to answer the following questions about your staff’s devices (and remember that might include mobile devices).
Does their device have any malware or viruses on it?
This might seem obvious, but knowing if a piece of malware has breached the company’s defences and made its way onto an individual’s computer is a vital piece of information.
There are many types of malware that simply sit on a system gathering information and so, unlike recent attacks where an obvious alert is given, it might not be immediately apparent that something is amiss.
Speed is of the essence as the longer a ‘nasty’ is present on your network the more likely it is to spread and infect other users and systems.
What have they downloaded (or attempted to download)?
Have your workers got the proper permissions set on their computer? It may be inconvenient at times but administration rights should only be granted to Directors with responsibility for IT or other qualified IT professionals.
This means that only suitably knowledgeable people can download new programs and update or remove old ones.
If you’re considering Cyber Essentials certification then you’ll need to consider permissions very carefully.
If you allow anyone on your network to download anything they like then you are asking for trouble, and need to look carefully at your IT policies.
Are their programs all up to date?
Hackers were recently able to attack the NHS and other high-profile targets due to them using outdated, unpatched software.
When those annoying updates ask to be installed they are usually there to close security loopholes and it’s therefore vital they are installed. This is referred to as patching.
You should either have your IT Support Provider carry this out for you, or ensure someone in-house is responsible.
If you are leaving the installation down to individuals in your business you’re exposing yourself to risk, especially if you’ve not explained the importance to your staff.
If you are going to delegate responsibility to individuals then at the very least you need to have a clear, written policy, which is communicated to everyone.
If someone doesn’t patch and a hacker uses a vulnerability to attack your systems it will be unlikely that the computer of the guilty party will be the only one infected.
What websites are they visiting?
The first three items we’ve listed are security-focused, but where your employees go on the Web has implications for both security AND productivity.
If employees are visiting sites for personal use during working hours then you need to know how often and for how long.
A clear policy is needed and you might want to consider software that blocks certain sites. This can lead to issues though, as the Marketing Department for example may need access to Facebook etc. so a blanket ban might not work.
Some companies permit access to social media, news and sports websites during lunch and breaks, others ban those on work devices at all times.
This could be an issue that goes beyond IT and into the culture of the business.
Are they using company email for personal use?
No one likes the idea of someone reading their mail – whether it’s electronic or physical.
However, courts have consistently ruled in favour of businesses in privacy-related cases, so employees should have no expectation of privacy.
Companies have a legitimate interest in knowing what’s being sent and received through a work email account.
For example, if a company is unaware of sexist, racist or any other correspondence that could be considered harassment, then it could be opening itself up to criminal or civil liability.
Employees should not assume that a personal email address being used on a work computer cannot be monitored too.
A company has a right to know what is being transmitted using their equipment and you should be making employees aware of this and have a system in place for monitoring.
Personal correspondence can also have a negative effect on productivity; do you know how much time your employees spend organising evening and weekend plans on your time?
Are they transferring files to or from personal devices?
Whilst the desire to take work home might be considered a good trait for an employee, the way they transfer any files they are working with needs to be monitored.
Security on your business network is likely to be tighter than on a worker’s home computer, and if you allow the use of external drives and the like to transfer files you open your network up to any issues that the individual’s PC may have.
Are their passwords secure?
Few companies have a formal password policy but we’ve talked before about the need for secure passwords and why you should be considering using password management software.
However, another issue is sharing passwords with colleagues to allow them to ‘pop’ on to a machine or, and believe us it happens, having the same password for all users.
Sharing a password between colleagues is bad enough but often employees will use the same password for home and work accounts, meaning if home (with lesser security remember) is compromised then so is your network.
What can you do?
Policies, people! Let people know what the expectations are and then monitor them against these.
Speak to your IT Support provider about what they can do to lock down accounts and provide website blocking software, patching and virus/malware protection.
Education and communication work alongside monitoring to ensure that systems are secure and that staff are using IT equipment securely and for the purposes it was meant for.
If you’d like any help and advice on keeping your systems secure and improving staff productivity through effective use of your IT systems please call us on 0115 822 0200