Crackdown: How IT policies get made

A Vancouver, B.C.-based car dealership has enhanced customer service and increased sales after implementing formal IT processes and procedures to streamline a previously “unstable” IT environment.

Eagle Ridge Pontiac Buick GMC was plagued with frequent network crashes, malware, expired software licences and foreign software programs that employees would install at will.

Eagle Ridge Pontiac’s business development manager, John Thomas, recalled systems bogged down and incapable of efficiently performing crucial processes like customer transactions. “They had to reboot a system two or three times just to process a deal. It was painful, very slow. In some cases, it would have been faster to use pen and paper.”

Thomas said the general lack of technology expertise in the automotive industry was in part to blame, nor did Eagle Ridge didn’t have formal IT processes and procedures in place for employees to follow.

Many of the 85 or so employees would regularly upload software on their work computers that they brought from home. “Due to denial or oversight, if someone doesn’t have the software they have at work, they take the software from home and load it in the office,” said Thomas.

That doesn’t happen anymore, he said, since implementing and enforcing rigid processes around the use of technology at work.

Overall, the E-Policies he created dictate that “all systems are used in an intelligent and professional manner.” In other words, he said, “don’t bring software from home, don’t play games at work, don’t use Instant Messenger to chat with your buddies all day, don’t download stuff off the Internet. It’s about the business.”

Not surprisingly, one policy prohibits downloading copyright materials without permissions. Another prohibits any use of software or hardware not licensed or approved in writing by Eagle Ridge. “If we haven’t purchased it, it’s illegal on the network,” said Thomas.

Another policy is around handling access to the network. It dictates that restricted access be used by the designated user and not shared among staff. “It’s not for everyone they know, and [the password] not to be posted on a sticky note.”

In the same vein, client information stored in the company database is private.

He said the E-Policy isn’t solely about avoiding possible legal ramifications, rather “the key is the security aspect – that’s the number one reason to get aboard in the program.”

“We’re a car company. [Customers] have to trust us. They have to feel confident that we’re professional enough to handle their [personal] data in the right way.”

Thomas recalled the recent TJX security breach involving the theft of customer data. He said although larger companies are generally targets of such data scams, “that can happen to SMBs as well.”

To help track its software assets, Thomas said Eagle Ridge used Microsoft Corp.‘s Windows Genuine Advantage (WGA) program, an anti-piracy system that makes users validate the authenticity of their copy of Microsoft Windows when accessing services such as updates and patches.

Whether people unwittingly or intentionally purchase pirated software, they are exposing themselves to hazards associated with unlicensed products, said Microsoft Canada Corp.’s Elliot Katz, senior product manager for Windows client.

He said consumers and businesses who use pirated software cannot be certain that the copy won’t introduce spyware, or have faulty code that may cause the application to run properly.

“When people create pirated software, they usually don’t have resources to do due diligence, to make sure they’ve got everything copied onto the CD properly,” said Katz.

Missing or faulty code, he said, could cause systems to be unreliable, unstable, suffer frequent crashes, and run very slowly.

Ironically, Microsoft’s WGA program came under fire upon its release last year, when anti-spyware makers accused it of acting like spyware, by collecting hardware and software data about a user’s computer and sending it to Microsoft servers. Microsoft faced a class-action suit in this regard, from those contending that WGA violates consumer protection laws in the U.S.

Thomas said that although Eagle Ridge’s E-Policies are well accepted, and the company now “experiences the benefit of streamlining the whole [business] process”, there was initially some resistance to the change. “Prior to implementing regulations, nobody thought there were any regulations – and that was the downfall.”

Comment: [email protected]

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs