Acceptable Use Policies Can Save Your Business

Policy, procedure and process.

I was recently asked, “Why do I need a computer policy?”

The short answer? It’s the law.

Massachusetts 201 CMR 17.00 Compliance

In Massachusetts, the law 201 CMR 17.00 clearly states that a business must have clear and defined policies when it comes to internet and data access for its employees. To quote the purpose section directly:

This regulation implements the provisions of M.G.L. c. 93H relative to the standards to be met by persons who own or license personal information about a resident of the Commonwealth of Massachusetts. This regulation establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records. The objectives of this regulation are to insure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer.

MA Privacy Law Compliance for Your Business

What does this mean for businesses? If an employee decides to copy clients’ data to an external drive or an external network and there is no company policy in place, the business could face a tremendous amount of fines and penalties for the data loss and for the lack of accountability that comes with a data breach.

The other problem is that failure to prevent the data loss can also mean something larger when it comes to clients’ data. If employees are that careless with your clients’ data, it shows that they could be just as careless with your company’s intellectual property, such as client lists, client information and more. Nothing is worse for a business owner than having their client and accounting information fall into their competitors’ hands.

Reviewing Your Company Policies

What we recommend to our clients is to review their client handbook and their company policies when it comes to networks, computers and mobile devices. Many times our clients, and some new ones, are surprised when we ask for a copy of their handbook so we can make modifications.

Many attorneys believe that they do a great job when creating an acceptable use policy for their clients’ networks, but from an IT perspective, it can always be tightened up. From social media and mobile devices to flash drives and password policies, it is imperative that we advise clients to have us review the policy so they are not at risk of penalties and data loss. Too often there is the one-two punch of losing client data, and then losing clients. Let us help you be proactive.

The Importance of a Clean Background in IT

The importance of having an IT staff with impeccable backgrounds.

In our line of work we have many keys to many kingdoms. That also means that we need to be more secure than all of our clients. That includes complex passwords, multi-factor authentication techniques, tokens, and making sure everything is secure. Because of the risk of breaches within the network, not only from a technological standpoint but also from a personnel standpoint, we have to go above and beyond when doing background checks on our employees to make sure they have a clean background. This also includes asking more pointed questions, running a more in-depth background check, and checking military and government clearances.

Why Is a Clean Background so Important?

We have many different clients, from schools, businesses, non-profits and banks to military and government, and we cannot risk giving our clients IT technicians who do not have a spectacular background. With those types of clients we interact with data and information of an extremely sensitive and personal nature. HR information, financial account information, medical data, and more are presented to us on a daily basis.

Nothing is worse than having to explain to your clients that your IT person decided to steal your data and/or abuse their authority within your network, and that is why we need to be extremely proactive and not reactive when it comes to personnel.

A Real Life Example

Why are we discussing this? As we grow, we submit proposals for clients. Some proposals we win and some proposals we lose; that’s the nature of the game. We had submitted a bid to a client and lost. It happens. About two weeks later we received an email from the company asking us to come in. We did.

What was explained to us was that the company we lost to had failed the background checks for its technicians. Due to the nature of the client, the risk was too great and the contract could not continue. So we picked up where they had started, and the business continues to be a client to this day. Due to the sensitive nature of the information, all of our technicians and personnel had to be background checked, and ours passed with flying colors.

The Importance of Trusted Staff

Triton Technologies prides itself on the extreme background checks that we do for our people, from level I technicians all the way up to the CEO, Trave Harmon. Most of our employees are ex-military, government, or have worked with the police in some capacity. We are background checked multiple times a year, and it is made very clear to our employees that any issues that arise must be brought to our attention immediately. This ensures that our clients get the absolute best, most secure, and most highly trained personnel that we can deliver.

As a business owner in the state of Massachusetts subject to 201 CMR 17.00, you need to exercise extreme due diligence when outside contractors access your data. With that regulation in mind, clients who work with Triton Technologies can be assured of compliance with that regulation. Let us help.