Appropriate Use, Confidentiality and Monitoring policy (2)
Appropriate Use, Confidentiality and Monitoring policy
Name:
Institution:
Date:
Abstract
Comprehensive technology policies have been quite useful in ensuring that employees understand proper use of computers in place of work in order to prevent loss of information, attack from outside sources, maximum use of IT resources thus improving productivity. Technology policies ensure there is professionalism in places of work and at times the technology has red flags that may make work question the professionalism. Policies such as proper use of IT resources by employees are important. Policy set forth in a company ensures that confidentiality is protected, integrity as well as availability.
Appropriate Use, Confidentiality and Monitoring Policy
Background of Technological Policy
With the rise in incorporation of technology into almost every single business, it is important for a company to a have a technology policy. Every organization or company that uses computers need to have technology policies in place that will help the management while using the systems. Technology policies can be said to be rules on what is expected of the employees as they use the company’s system as well as server. These policies include the acceptable use of the technology, security of the business data and IT services as well as the standard policies. With the growth in technology and how easy it is for information to be shared out there, a company needs to regulate the use of technology in their company. Technology can slow down your employees reducing their productivity in place of work. In using the company’s computers, there are actions that signifies that employees have read the technology policies in place and are responsible for any action that may be taken against them if anything goes wrong (iMedia, 2014). If an employ abuses use of internet, social media or email, they may be denied future use and are also subject to a disciplinary action.
History of the Policy
The greatest threat to a company may be loss of information due to data breach. It has recently come to the attention of the company that half of our computers have been affected by a virus. The virus was as a result of a screen saver that was downloaded from the internet. The workers seem to be using the internet to access other sites other than work related sites which has led to exposure of our systems to outside threat. These has put our network at a risk from being hacked or from an intrusion. I have also been contacted by a network administrator that they have suffered from a DDOS attack and some of the incoming traffic on their site is from our workstations. The workers seem to be using their devices for personal use including connecting laptops to public Wi-Fi putting our systems at risk of being attacked. This has prompted the company to improve on the technological policies in place to ensure all employees understand proper use of IT tools in the office ensuring there is security and confidentiality. Reviewing the technological policies will ensure as a company we have a smooth running.
Prior Weakness in the Policy
There are several weaknesses that has presented themselves on why there needs to be a review of the technological policies. The first is in the recent past there has been an increased misuse of internet use by workers. Most people are using the company computers to access their social media platforms including Facebook, twitter and Instagram. It is therefore important for everyone to understand that they need to ensure that office computers should not be used to access these sites. This is because these sites at times contain ads which are not genuine, a click on these ads may actually be a bait by hackers and they may get access to our servers and important information to our site. It is important that employees understand that they cannot send their personal emails using the work accounts. The work emails were created purposefully to ensure that workers access all company emails and they are able to send emails related to work also. This ensures protection of the company data (Zahra, 2003). Most people have not also activated the two step authentication on their emails this important in making sure if an unauthorized party accesses the email then one is prompted to take action
Another weakness has been use of public Wi-Fi while using company’s laptop or while doing companies tasks. Use of public Wi-Fi breaks both the confidentiality and appropriate use policies. Cooperate competitor attacks are among the most common forms of cyber threats. This occurs when an unauthorized party seeks access to proprietary IP such as financial, employee data, strategic information and any other work related information. The company has recently included a Virtual Private Network (VPN) network to try and ensure even while working remotely all company’s data is safe. VPN is an extension of private networks including links that are shared such as the public network. VPN ensures that one can encapsulated and encrypt private network traffic before it moves to intermediate network. It is important that while one is working remotely, they connect to the cooperate server in a secure way. One can be able to access all information needed remotely and reduces the risk of cyber-attacks (Diab, 2008). The use of public Wi-Fi is also heavily discouraged even in trusted coffee shops as hackers may use the Wi-Fi to create an attack on the company through just one computer that connects to the company server.
Rationale of the Policy
Implementing the technology policies in the company will be important in several ways. First just as stated before, cyber threat and intrusion from an unauthorized personnel are not likely to happen. Protection of company’s data should be important. If hackers get unauthorized access to company data, it may be detrimental as they may need to pay the hackers to regain back control of the system. They hackers may access information that they may sell to the company’s competitors such as the company’s strategic information. It is thus important that workers understand the ways they can protect themselves from attack by following the technological policies in place such as use of VPN network, avoiding public Wi-Fi, avoiding use of work laptops and computers to access personal social media platforms or receiving and sending personal emails that are not work related.
Technology policies also highlight measures that should be taken in case of a disaster in order to ensure continuity. Despite of the company’s sized, there needs to be a policy that ensures continuity as this ensures prompt actions are taken if data loss occurs or even natural disasters such as storms. These includes ensuring there is back up where company data information is stored. Data loss can happen in just minutes and if a company’s data backup is a single computer chances are the information may be lost for good. One of the best ways to back up data is using online backup data storage. Cloud computing has been identified as the best way to store information especially for small companies (Fischer, 2013). Cloud services can still be prone to data loss from hacking or sabotage by the company’s employee an example in this case is a recent case of an employee who was fired from Indianapolis-based American college, he decided to change the administrative passwords online preventing the college from accessing data. In securing online clod data, it is important to have strong passwords and to change them regularly.
Rationale of Government Intervention
The United States for the longest time have invested in cyber security and implementing technological policies in all government agencies. Being a superpower, there are thousands of attempts every single day be hackers to try and access the US systems for important information such as security data, infrastructure, government information among other things. According to a report by Symantec’s Internet Security Threat Report, 42% of attacks were directed to small companies. Cyber threats and attacks have a huge economic impact on the US economy. According to a report by Director of National Intelligence, cyber intrusions costs 50-110 billion. Managing a cyber-attack after it has already occurred is often quite challenging and that is why most often prevention measures are put in place to ensure that the attacks do not happen in the first place.
There are several high-ranking attacks that have directed towards the Us business. A good example is the Sony attack. 24th December 2014, a group called Guardian of Peace leaked very confidential information from Sony Pictures including salaries of employees, emails from celebrities, personal information of employees and celebrities as well as some unreleased film. This was after the company aired a movie known as The Interview that painted North Korea leader as bad leader and needed to be assassinated (Haggard, 2015). Such acts have prompted the government into becoming more vigilant and ensuring technological policies are in place ensuring proper use of computer equipment’s, protection of data, continuity after an attack and preventing unauthorized access into the system.
The aim of this technological policy will be to ensure employees are aware of threats associated with improper use of computers. Employees need to learn proper uses of IT resources in the company to ensure maximum productivity thus maximum profits. Proper use of IT resources will also ensure preventive measures are taken in ensuring data breach and intrusion of the company data does not happen. It is important for employees to understand which emails they may open and which ones to avoid to ensure they do not download a malicious link infecting the whole system.
References
Diab, W. B., Tohme, S., & Bassil, C. (2008, March). VPN analysis and new perspective for securing voice over VPN networks. In Networking and Services, 2008. ICNS 2008. Fourth International Conference on (pp. 73-78). IEEE.
Fischer, E. A., & Moloney Figliola, P. (2013). Overview and Issues for Implementation of the Federal Cloud Computing Initiative: Implications for Federal Information Technology Reform Management. Journal of Current Issues in Media & Telecommunications, 5(1).
Haggard, S., & Lindsay, J. R. (2015). North Korea and the Sony Hack: exporting instability through cyberspace.
Posted by imediatech On December 27, 2014. (n.d.). The Importance Of An IT Policy For Your Business. Retrieved from https://www.imediatech.com/2014/12/27/the-importance-of-an-it-policy-for-your-business/.
Zahra, S. A., & Covin, J. G. (2003). Business strategy, technology policy and firm performance. Strategic management journal, 14(6), 451-478.