When protecting an organization's data from loss, misplacement, or improper use by end users, IT consultants can't worry about being popular. Someone has to take the lead, and IT is best positioned to inform users how files should be accessed, how data should be stored and on what medium, and what happens when those rules are broken or representatives leave the organization.
TechRepublic's file storage policy provides a ready-made template that organizations can use as is or customize. The policy reinforces the importance of properly securing, accessing, and storing information. Organizations should use the template as a tool to help prevent data breaches and to properly manage violations that occur.
Inform and educate users about the policies
IT professionals take great pains to protect data, lock down systems, tighten networks, and design and implement electronic controls that enforce organization policies; unfortunately, errors still happen and failures do occur. Also, end users are often confused as to who owns the information and data contained on organization-provided servers, computers, and devices. There should be no confusion.
While written policies don't prohibit salaried employees, hourly staff, field agents, and other users from improperly accessing files, storing data on prohibited media, or otherwise violating data storage rules, a well-designed policy helps set expectations. By having employees and other staff (basically anyone who accesses organization data) read the file storage guidelines and sign a document stating they have read and understand the terms, organizations at least know users are educated about the policy's purpose, data storage rules, and potential noncompliance penalties.
The organization should inform users that any and all data and information accessed from and stored on organization systems and equipment is company property. Users that store personal documents, email, photographs, and other files on the company-provided computers and devices should be aware that those files automatically synchronize back to the corporate servers. Further, these users should be informed that, upon their separation from the organization, all the files and the information on company-provided systems and devices remain corporate property.
In addition, the policy makes it explicitly clear that users are not to store any organization information on unauthorized systems or devices, including audio players (such as an Apple iPod), ubiquitous thumb drives, portable hard drives, and similar devices. The wide popularity of these devices almost assures that most users possess them. IT departments and consultants must take steps to ensure users understand the devices are not to be used to store organization data, except where expressly authorized. While automated group policy and other controls are a first line of defense against physically precluding users from storing data on unauthorized devices, written policies help ensure there are no misunderstandings and help enforce rules and guidelines when violations occur.
Download the file storage policy policy
Download and implement TechRepublic's file storage policy to help educate users as to the proper methods of accessing and storing organization data. When this tool is properly leveraged, it helps strengthen an organization's data security.Get weekly consulting tips in your inbox TechRepublic's IT Consultant newsletter, delivered each Monday, offers tips on how to attract customers, build your business, and increase your technical skills in order to get the job done. Automatically sign up today!
Erik Eckel owns and operates two technology companies. As a managing partner with Louisville Geek, he works daily as an IT consultant to assist small businesses in overcoming technology challenges and maximizing IT investments. He is also president of Eckel Media Corp., a communications company specializing in public relations and technical authoring projects.