Guide to Starting and Operating a Small Business | 2018 Guide to Starting and Operating a Small Business - Page 55

Technology Acceptable Use Policy

“Acceptable use policies” are important guidelines and expectations a business should provide so that employees understand what is or is not allowed in the use of company-owned property. You may already have policies defining the acceptable use of company vehicles, copiers, or other types of machinery and equipment. Given the high level of technology integration in businesses today, having an acceptable use policy for your company’s technology equipment and systems is extremely important. You may also wish to add policies regarding acceptable or prohibited use of personal technology devices in the workplace.

Acceptable use policies serve as a means of limiting your liability should an employee misuse company equipment; they can also serve as a means of limiting workplace and workflow disruption. A technology or other acceptable use policy should be understood by every employee, and acknowledgement of the policy or policies should be documented by a signed and dated receipt for the policy document. More information and sample Acceptable Use Policy documents are available from organizations such as SANS at www.sans.org/security-resources/policies

Data Back-Ups

While many of your records are likely to be maintained in some paper form for day-to-day operations purposes, businesses have come to rely heavily on computer-based technology for the majority of business recordkeeping functions, meaning that most or all of those records have an electronic file, likely stored on your hard drive. Having both paper and electronic copies of the same files is a simple method of backup, but not a fail-safe method. Having a backup of your files (especially electronic backup) that is stored off-site is important to help you recover in the event of a fire, flood or other unforeseen disaster.

Simply having a backup is not necessarily good enough. Could you imagine opening a filing cabinet with all of your paper backups, only to find water had seeped in, destroying all your hard copies? As a business, you should periodically check and/or test your backups. This means checking those paper files; it means restoring information from an electronic backup and verifying you could continue operating from those backups. Checking at least once a year, and preferably at least every quarter, is recommended. If your electronic backups are not properly configured and monitored, you may be in for a nasty surprise when you need them.

Also keep in mind when using an Internet or “cloud-based” system for offsite backups that, in the event of a disaster, you may need access to your backups without an internet connection. A good backup solution will have both on-site and off-site backups.

Cybersecurity

As businesses have become increasingly engaged in internet/online business activity (sales, vendor purchases, email, marketing, website, e-commerce, and much more), your entire business can be quite literally IN your computer’s hard drive and online system tools. Protecting your business from online threats has become a critical consideration for every business – especially small businesses.

Key items such as the sharing of passwords, use of personal devices (smartphones, tablets, etc.) on business systems, and the reporting of possible security breaches should be covered in a signed policy document such as your Acceptable Use Policy. You can also complete the Cyber Security Canvas (Appendix H) to begin planning the steps needed to protect your small business from cyber threats. Review the Ransomware Dos and Don’ts Guide (Appendix I) to know how to respond to a potential ransomware attack.

For more information about cyber security for small business, including a cyber security assessment, visit our Small Business, Big Threat website at: https://smallbusinessbigthreat.com