IT departments need to have rules in place to cover shadow IT, VPN use, and SSL management as well as a robust security incident response plan.
Taking time to develop IT policies is an investment in the future that not only will reduce stress on the IT team but keep networks safer. With more employees working from home, it becomes more important than ever to address security risks, shadow IT, and VPN use.
This collection of IT policies from TechRepublic Premium makes it easy to put in place clear guidelines for both IT team members and other employees. Even if you have policies in place that cover how to manage SSL certificates or to respond to security incident responses, it’s worth taking the time toreview and/or update. New threats pop up all the time, and policies should reflect what security teams have learned from previous attacks as well as new operating conditions that have developed since the policy was first written.
Workarounds are a part of every office. When a formal policy starts slowing down productivity, people look for a simpler way to get work done. Sometimes these changes improve processes, but end runs also can increase security risks. This Shadow IT policy will help IT departments make these risks clearer to employees who may be making their own decisions about tech infrastructure. The policy also provides guidelines for the appropriate use of shadow IT, explains the restrictions that will apply to it, and defines roles and responsibilities.
SSL certificates may be fundamental to secure IT operations but they are also easy to forget about in the rush of day-to-day operations. Having a policy in place and defining responsibilities for managing and monitoring these certificates will reduce the chance of unexpected problems. This SSL certificate best practices policy from TechRepublic Premium will guide you on how to issue, manage, revoke, and renew certificates.
This VPN usage policy from TechRepublic Premium outlines the best practices for IT to deploy and secure virtual private networks (VPN). It defines acceptable use policies for end users on corporate-issued and personal devices. You’ll also also find advice on managing equipment provided by the company as well as personal equipment. As working from home is becoming more common, companies should consider subsidizing the cost of home internet connections. This policy includes a section on how to address that cost, if your company decides to cover it.
It’s a question of if, not when. That’s the common wisdom about security breaches. Security teams need a plan of action ready to go as soon as a breach is detected. This Incident response policy from TechRepublic Premium explains how to devise a plan that allows a quick, precise, and efficient response. This includes the definition of an incident, advice on who should be on a response team, and suggestions on how to document the incident so that security teams can better prepare for future attacks.