There are some passwords that need to be guarded very heavily. Domain administrator passwords are a great example.
But there are all kinds of other "less important" passwords and codes that need less security. But they still need some attention. These include the passwords for employee voicemail, access codes for the office gate, the garbage bin, the alarm system, and so forth.
There is a tendency in very small businesses to either give the same passwords/codes to everyone or to share these freely and openly. That's actually not bad in most cases. But you really should have a simple 1-2 paragraph policy for each of these things.
The gate code, the code for the bathroom, and the code for the garbage bins can all be posted on the wall as far as I'm concerned.
With alarm codes, however, I believe that each employee should be assigned a unique code. After all, that's one of the built-in features of an alarm system. It will log entry and exit times for everyone. Well, if everyone uses the same code, that's useless information.
And then an employee leaves the company. They have the alarm code. And I know we shouldn't suspect everyone of being a criminal, but it's just prudent to disable codes when employees leave. Think about it: Someone crowbars the front door in the middle of the night. They enter in a code and the alarm never goes off.
One of the main reasons I've heard for using the same code is that no one knows how to enable or disable alarm codes. Well, I know someone who DOES know: The alarm company! Call them and ask for a quick walk-through. Write down the steps and type up a procedure. File it in your Processes and Procedures folder. Then print out a copy and put it in the alarm company file in your filing cabinet.
Voicemail
Voicemail is another interesting one. Here there are two major schools of thought. One is "open" and one is personalized.
What's the deal with voicemail? Well, of course everyone needs voicemail. But this is company voicemail. That means that it is company property. If a technician leaves the company, or is out sick, you may need to access that voicemail and make sure nothing important is being lost.
In the personalized approach to voicemail setup, you allow everyone to set up their own password. This means that, in certain circumstances, you will need to go into the voicemail system as administrator and change that password in order to access those voicemails.
In the open approach, you set a standard policy for all passwords. For example, 5 followed by the extension number. So x101 has password 5101, x108 has password 5108. In this approach, you just have to feel confident that people won't mess with each others' voicemail. It has the real advantage that you don't have to change passwords when someone's out sick. Of course if you need security, this kind of password system won't work.
Of course you might have different policies for desk phones and cell phones, if the company provides cell phones.
The bottom line . . .
You should determine the level of security you need for all these pesky little things. While these are mostly minor items, you should write up a quick policy for each and file them with all your other policies.
And, of course, make sure that all of your staff are informed about the policies as part of their onboarding process.
Comments welcome.
- - - - -
About this Series
SOP Friday - or Standard Operating System Friday - is a series dedicated to helping small computer consulting firms develop the right processes and procedures to create a successful and profitable consulting business.
Find out more about the series, and view the complete "table of contents" for SOP Friday at SmallBizThoughts.com.
- - - - -
Next week's topic: After Hours Work
:-)
But there are all kinds of other "less important" passwords and codes that need less security. But they still need some attention. These include the passwords for employee voicemail, access codes for the office gate, the garbage bin, the alarm system, and so forth.
There is a tendency in very small businesses to either give the same passwords/codes to everyone or to share these freely and openly. That's actually not bad in most cases. But you really should have a simple 1-2 paragraph policy for each of these things.
The gate code, the code for the bathroom, and the code for the garbage bins can all be posted on the wall as far as I'm concerned.
With alarm codes, however, I believe that each employee should be assigned a unique code. After all, that's one of the built-in features of an alarm system. It will log entry and exit times for everyone. Well, if everyone uses the same code, that's useless information.
And then an employee leaves the company. They have the alarm code. And I know we shouldn't suspect everyone of being a criminal, but it's just prudent to disable codes when employees leave. Think about it: Someone crowbars the front door in the middle of the night. They enter in a code and the alarm never goes off.
One of the main reasons I've heard for using the same code is that no one knows how to enable or disable alarm codes. Well, I know someone who DOES know: The alarm company! Call them and ask for a quick walk-through. Write down the steps and type up a procedure. File it in your Processes and Procedures folder. Then print out a copy and put it in the alarm company file in your filing cabinet.
Voicemail
Voicemail is another interesting one. Here there are two major schools of thought. One is "open" and one is personalized.
What's the deal with voicemail? Well, of course everyone needs voicemail. But this is company voicemail. That means that it is company property. If a technician leaves the company, or is out sick, you may need to access that voicemail and make sure nothing important is being lost.
In the personalized approach to voicemail setup, you allow everyone to set up their own password. This means that, in certain circumstances, you will need to go into the voicemail system as administrator and change that password in order to access those voicemails.
In the open approach, you set a standard policy for all passwords. For example, 5 followed by the extension number. So x101 has password 5101, x108 has password 5108. In this approach, you just have to feel confident that people won't mess with each others' voicemail. It has the real advantage that you don't have to change passwords when someone's out sick. Of course if you need security, this kind of password system won't work.
Of course you might have different policies for desk phones and cell phones, if the company provides cell phones.
The bottom line . . .
You should determine the level of security you need for all these pesky little things. While these are mostly minor items, you should write up a quick policy for each and file them with all your other policies.
And, of course, make sure that all of your staff are informed about the policies as part of their onboarding process.
Comments welcome.
- - - - -
About this Series
SOP Friday - or Standard Operating System Friday - is a series dedicated to helping small computer consulting firms develop the right processes and procedures to create a successful and profitable consulting business.
Find out more about the series, and view the complete "table of contents" for SOP Friday at SmallBizThoughts.com.
- - - - -
Next week's topic: After Hours Work
:-)
Now Available:
Seminar on MP3 Download
This is an audio program with the PowerPoint slides in pdf format.
Includes one MP3 audio file, one PowerPoint slide deck, and one client-facing advertising example. All delivered in one zip file.
This seminar is intended for small computer consulting firms that want to learn how to develop profitable cloud service offerings for their smallest clients.
Save 20% - Now Only $39.95 !
|
No comments:
Post a Comment
Feedback Welcome
Please note, however, that spam will be deleted, as will abusive posts.
Disagreements welcome!