7 Tips for Better IT Policy Awareness Building and Enforcement

hand drawing a check mark on blackboard  made of Compliance related words: rules,control, governance, respect, law, strategy, conformity, regulation, standards, guide, risk.
  • August 2, 2017
  • Print This Post

Need more reasons to prioritize IT policy awareness and enforcement? Consider these recent sobering cyberstats: six in ten small companies hit by a cyberattack go under within six months. Nearly 80 percent believe they are safe from viruses, malware and breaches. Yet 83 percent have no formal cybersecurity plan. It’s not hard to imagine companies extending this no-plan, no-policy thinking to acceptable use, data protection and other strategic IT functions.

As discussed in a previous post, written IT policies are critical because they clarify how employees are to use (or not use) workplace IT and detail the consequences for violations and abuse. But unless employees know and understand what’s in these policies, and begin to “own” them, compliance will remain low and your risk exposure, high.

How to Build IT Policy Awareness

In secure and successful SMBs, the old binder-on-a-shelf approach is out, replaced by a proactive, multi-part awareness-building strategy which includes: regular training and briefings, and ongoing companywide reminders, such as newsletters, posters, placards, user log-in screen prompts, and IT team emails.

Your IT Managed Services Provider (IT MSP) will have plenty of wisdom to share on the subject, but these tips for refining IT policy awareness programs may also be helpful:

  • Refresh your content: it’s tempting to use materials that are a few months old. A better way is to update and distribute reminders regularly. New cyberthreats emerge almost daily, so keeping awareness levels high can pay both immediate and long-term dividends.
  • Include everyone: make IT policy awareness mandatory for all staff, including execs, who are increasingly targeted by whaling attacks; leading by example goes a long way, especially in smaller firms.
  • Know it’s not one-and-done: com says that employees must be exposed to a policy five times before they assimilate its meaning and importance into their work routine. This alone is reason enough to step up your IT policy awareness and training efforts.

IT Policy Enforcement

Enforcing IT policies gives them teeth, and when done publicly, grabs attention and boosts compliance, says Dr. John Halmaka, CIO of two prominent East coast medical facilities and steward of more than nine million HIPPA-regulated records. “You need public executions,” Halmaka says metaphorically, to “reinforce good behavior and protect resources.”

Perhaps. But not every IT policy infraction is malicious nor should all missteps result in immediate termination.

Depending on the intent and nature of the violation, companies may want to take a more measured approach, such as issuing a verbal warning for the first offense, a written reprimand for the second, and if there’s a third, termination.

Effective, non-confrontational IT policy enforcement can also happen behind the scenes, by creatively combining firewall rule sets, router blacklists and URL blockers, as well as content and email filtering–all of which fall into the wheelhouse of an experienced IT MSP.

But until you have that conversation, remember to:

    • Be efficient: only document policies you intend to enforce
    • Be thorough: Provide easy, regular access to all IT policies
    • Be firm, fair and consistent: Make sure employees read policies, agree to abide by them and fully understand the system of behavior monitoring and enforcement.

Need Help With
Your IT?

Find a Location


Need Help with your IT?

Find a Location
Near You.


into the evolving world of IT for business.
Subscribe now.

Follow Us
Friend me on FacebookFollow me on TwitterFollow my company on LinkedInRSS Feed

Follow us on Twitter


ITinflections is a blog that covers a wide range of technology-based articles IT in the workplace, focusing on small- to medium-sized businesses.

If you’re looking to improve your company’s productivity through the effective use of technology, enjoy ITinflections, the blog about technology for business.