


IT Policies and Procedures: The Missing Piece of the Cybersecurity Puzzle


New technologies, such as cloud services and mobile computing, have emerged that allow unprecedented efficiency, freedom and functionality. However, they also introduce new risks that are harder to control and have higher impacts when something goes wrong. Technical measures, such as data backups and virus protection, are important for maintaining cybersecurity.


However, they are only a part of the puzzle. They don’t protect organizations from employees who take customer lists when they leave, internet downloads that slow internet connections, or systems administrators who peek at email containing HR information. IT policies and procedures can protect against these risks.


While there is no such thing as 100% cybersecurity, the following policies, in combination with appropriate technical measures, will provide organizations with a very effective level of protection.

1. Ensure that staff knows cybersecurity do’s and don’ts
2. Ensure that staff has sufficient resources and skills to exercise its cybersecurity responsibilities
3. Ensure that staff knows what to do in case critical IT services are unavailable
4. Ensure that cybersecurity is considered in job performance appraisals and results in appropriate rewards and disciplinary measures
5. Ensure that staff has been vetted, especially staff in sensitive roles
6. Ensure that the organization is not dependent on one individual for any key IT or cybersecurity tasks
7. Ensure that privacy and intellectual property rights as well as other legal, regulatory, contractual and insurance requirements have been identified with respect to cybersecurity
8. Ensure that cybersecurity aspects have been considered in all service level agreements and the security competence of the service providers has been assessed
9. Ensure that cybersecurity guidance and contractual obligations for e-commerce and electronic payment exist
10. Ensure that applicable cybersecurity measures have been implemented, tested and kept up to date (e.g. data backup, archiving, access control, insurance, etc.)
11. Ensure that software patch installation and computer network maintenance procedures are followed
12. Ensure that access control and connectivity rules for internal and external users have been implemented based on business need and risk
13. Ensure that important computer equipment is safe from theft or damage (e.g. keep laptops and mobile phones on your person, ensure data backups are sent offsite, use operating systems with encryption on laptops)
14. Ensure that cybersecurity is an integral part of the application development process
15. Ensure that a business continuity program is established, implemented, tested and kept up to date
16. Ensure that there is a cybersecurity program in place based on IT risk, gap analysis and computer network performance monitoring


If the bottom line is higher on your priority list than cybersecurity or reputation, policies 1, 2, 4-6, 11 and 15 can prevent many of your more expensive IT support incidents.
