The Holiday Season is behind us and a new year is ahead. We have all made our resolutions to be wiser, healthier, and wealthier. This week we are all back to work with a new excitement about IT Policies…
Policies are similar to resolutions except they are made to be kept. Every new year we make resolutions based on where we are at the end of the last year. Maybe it is a few pounds we put on and want to lose, or maybe we are looking to advance our career, so we resolve to learn a new skill. My point is that we change and the world around us changes, so we need to make changes to policies that fit where we are today.
Let’s think back to when social media was new. We didn’t have any policies governing social media use so we had to adopt new policies. Some companies banned the use of social media altogether. Is that feasible in today’s world? Probably not. Have you changed your policies to reflect what is realistic in 2017?
How have things changed around us that need to be addressed? There was a day when hackers wanted credit card information, Social Security Numbers, or your bank account number. But now they can just encrypt your files and ask for money to get them back. Have you updated your policies and training to reflect new types of attacks?
As the Internet of Things continues to grow, have your policies kept up? What is your policy about someone bringing an internet-ready coffee maker to the office? With all the new gadgets people got for Christmas, are you ready for people wanting to connect their latest tablet?
This is a great time of year to begin thinking about what is new and what needs to be addressed in your policies. Let’s resolve to really update our policies to address new threats and realities rather than just getting them approved for another year.
Throughout his time at YHB, Curtis has provided IT audit and consulting to clients, even while holding the position of the firm’s IT director for several years. Now, as head of the YHB Risk Advisory Services Team, Curtis focuses on assisting organizations in a variety of industries with internal audits and IT-related audit and consulting services. He also frequently speaks and gives presentations on SOX compliance, internal controls, and data security.