eastpointsoftware - EastpointSoftware Blog

IT policy examples Cyber crime prevention and staying safe online at work – Eastpoint Software

Not all businesses have a formal IT policy, and it’s something worth doing. The information shared here came from the cyber crime conference I attended last week in Cambridge, held by the county’s PCC. A broader overview of cyber crime in Cambridgeshire can be found in the previous blog post.

What is an IT policy?

You probably already know – a document or collection of documents that set out best practice for staff regarding cyber security, online access, emails, etc.

The aim is to stay safer by educating staff. By having an IT policy, staff should be aware of preventable issues and be able to respond quickly if something is amiss.

How important is it?

We need to do more to protect company data, according to the experts: http://www.cambridge-news.co.uk/Cambridge-companies-beware-cyber-attacks/story-28609175-detail/story.html

According to Cambridgeshire Police, one local medium-sized business went bust due to the extent of a cyber crime, and many companies are victims on a smaller scale (see more in this post).

What should be in an IT policy?

Below are some things to think about:

Movable storage

What is the policy on storage such as USBs? Can staff bring in personal USBs and use them on a work computer?


Who are you buying hardware, software and services from, and where?

Are colleagues allowed to share passwords? Are all desktops and laptops password protected?

Network and remote access

Can you log on to the network externally?

Office access

Who can access your office? Employees, cleaners, visitors?

User privileges

Who has access to what?

Email links and attachments

Think about a policy on clicking links, or file extensions to be aware of. For example, receiving a .exe file from an unexpected source should be a red flag.


Do you keep backups and who is responsible for them?

Locking devices

Are laptops or towers/monitors left logged in and unattended?

Two-step authentication

When I hear two-step authentication I think of banks or Google mail logins, where you have a password and a text, or password and security key.

It is also something else just as useful – literally getting a second authorisation before committing to a payment. A common way of scamming money relies on administrative staff not getting a second authorisation after receiving an email from the boss. This is called CEO spoofing (see more on CEO spoofing in the previous blog post).


The policy should also include what to do in the event of a security breach (see the previous article for advice on this).
