IT Administrator Policy
As with many things, business documents need regular review. As accountants, we have a lot of sensitive data that we need to protect and keep secure. Having just conducted our annual review, we have set out below a guide to the key features of any IT administrator policy.
Device Inventory
Having a device inventory allows us to keep track of what devices we have and who has which device. We have also used this to see which devices have gone through our set-up checklist, to make sure that all devices are at the same level of access and permissions.
User/Device set up
It’s easy for security measures to get forgotten with new employees and devices. Therefore, we have created a repeatable template and checklist to make sure nothing gets missed. To support this, it is useful to have video guides.
Antivirus
Starting with the basics around set up, we need antivirus. Within Co- we exclusively use Chrome devices, which have antivirus built into them. As a result, we don’t need to worry about other software for this. In other businesses, this would be required to protect you and your data from malware.
Password Management
One of the most likely ways that systems are maliciously accessed is by passwords being stolen or breached. Password logins are commonly bought and sold on the dark web. We need highly secure passwords that we can change easily and that can vary from site to site. That brings us to the need for password management software, because holding many complex passwords in one’s memory is simply impossible. For this we are big fans of LastPass.
In fact, the LastPass system offers a lot more than basic password management: it scans the dark web for stolen passwords and gives users a security score that can be worked on over time.
Two-Factor Authentication
Two-factor authentication is a key tool to be used where possible. Specifically, Xero should have this set up to keep your information secure.
Idle Settings
Looking at the idle settings of the devices we use can provide that bit more security, especially when working from home more. These settings allowed us to make sure that if someone is away from their laptop for a period of time, the screen would automatically sleep. At Co- we wanted to make sure that the device would lock, so that a password would be required whenever the laptop is used again.
Near Field Communication
Many devices allow nearby IT to interact with them. For example, it is Near Field Communication that allows you to pay using Google Pay. The problem is that it is also an entry point for a hacker. We recommend thinking about whether you can do without it.
Update Management
Keeping devices updated with the latest security patches is an important part of ensuring security is not breached. Check that your devices are updated on a regular basis to make sure that everyone is operating on the same system software and nothing is outdated.
Spanning
Spanning is a system whereby data is backed up automatically. Whilst it will not prevent a security breach, it means that if there is one, your data is easily retrievable.
Network Management / VPN
Making sure your networks are secure is important to prevent being hacked. All routers, including home routers, should have a secure password different from the supplier-generated one. All networks should have a firewall.
Of course, sometimes it is important to work away from the workplace or one’s home. Here we will need to rely on the security of other people’s networks unless we have access to a VPN provider, which essentially provides network security from wherever you access the internet.
In our current review, we have upgraded to Perimeter81, which takes VPN a step further and applies a secure connection attached to particular logins.
Training
A key part is to make sure that employees are trained in the policy and that they understand what is required of them when using the various systems.
Periodic Review
Naturally, tech is being developed at a great speed in today’s world. Therefore, an important part of the policy is a periodic review, ideally assisted by an IT expert. For this, we can highly recommend our provider Foxability.