5 IT Policies No SMB Should Be Without


By David Stidham, Operations Manager at Cenetric

One to-do item growing companies often overlook is setting the right IT policies. When Kansas City companies seek out our services, they’re usually looking for help with slow Wi-Fi or glitchy laptops, not rules for how their employees use their technology.

But strong technology policies actually play a big role in the tech issues you might need help with. By working with us to set up good policies, you can prevent employees from accidentally putting your systems at risk.

We’ve found that there are a handful of policies that no business (yes, even the small ones) should be without.

IT Acceptable Use Policy

At the very minimum, you need a policy that tells your team how they can use your systems. While your employees are trustworthy and probably have good judgement, laying out the rules is a must. 

We’ve all printed off a personal document or used our work laptop to pay a utility bill, so we’re not suggesting you be unreasonable. But think about things like whether your employees can stream the Royals game on your Wi-Fi while they work (chewing up bandwidth) or download a sports betting app on a company phone to put some money on the Chiefs.

To protect your business, your policy should cover who can use your systems, how employees can use the internet, and how data should be used and stored, among many other things. (Not sure what exactly to include? We can help!)

Password Management Policy

Passwords are tricky. They should be updated regularly, but 60% of people in a 2025 Bitwarden survey said they find it stressful to manage their passwords. And it is pretty stressful – we all have dozens to remember, so we tend to reuse the same one over and over across various sites and tools. But that’s where a Password Management Policy comes in. 

To protect your business’s systems, your policy should outline the required length and makeup of passwords, define how often they should be reset, and require them to be unique. 

Instead of a string of letters, numbers and characters, we recommend using passphrases of four or more random words separated by characters (such as Sock.forest.screwdriver.Paper — nothing that makes a real sentence). They’re a bit easier to recall and a lot harder for attackers to guess. 

Bring-Your-Own-Device (BYOD) Policy

Accessing company networks and apps from a personal device is often more convenient for your team, but it can also jeopardize your organization’s security. From sensitive company data winding up on a device you don’t own to the perils of phishing, there’s a lot that can go wrong if you don’t have a BYOD policy set up.

Similar to an acceptable use policy, a BYOD policy protects your organization by limiting how employees can use your systems and applications from their personal devices. When they’re using a device you don’t own and provide to them, employees should have restrictions on how they access your data and systems. (We recommend allowing access only through a VPN with multifactor authentication [MFA].)

Make sure you cover what an employee should do if their device is lost — will someone be able to gain access to your systems if they leave their personal laptop at the airport by accident? Establish procedures to report lost or damaged devices so you (or your managed services provider) can act quickly.

AI Use Policy

AI tools are inescapable these days, but it’s important to understand the range of AI solutions available so you can decide which you want your employees to use — or stay away from.

AI tools that were designed for a specific use, are compliant with the necessary regulations for your industry, and use your own data can be a great addition to your tech stack. For example, tools like AI chatbots that are trained on your customer support conversations and company guidelines can be a big help if your support team is getting overwhelmed. 

Generative AI tools like ChatGPT, Claude or Copilot are another story. With these tools, you need a firm policy to define how (or if) they can be used. Many companies approve the use of Microsoft Copilot because it offers tighter controls over data access and a strong user permission hierarchy.

Others don’t allow LLMs like ChatGPT because of worries around copyright ownership or misuse of company data that can lead to data breaches. Without a policy in place, employees might unknowingly share your company’s intellectual property or customer data with an LLM, causing big problems if there’s a breach.

Sixty-three percent (63%) of companies in a 2025 IBM data breach study said they don’t have governance policies in place to manage AI or detect unauthorized use, so if you don’t have a policy, you’re definitely not alone. It’s a lot to take in, but our team can help you figure it all out. 

Travel Tech Policy

A travel policy might sound like more of an HR concern than an IT one at first, but how your team uses technology on the road can have a huge impact on your systems back at the office. 

We advise you to include these items in your policy for using company IT resources when traveling:

  • Don’t use public Wi-Fi connections, including those at airports, hotels or restaurants. Hackers can exploit public Wi-Fi to take control of your company’s systems in a heartbeat. Using your phone’s cellular connection is the safer option.
  • Only access company systems through your business’s VPN, which should be protected by MFA.
  • Don’t use USB charging ports in public spaces. In an attack called “juice jacking,” criminals use malware to take control of a device that’s charging in a public USB port. Encourage employees to keep portable chargers with them when they travel instead.

Let Cenetric help your Kansas City company untangle IT policies

Every company needs some IT policies in place, but when you’re not an IT expert, it’s hard to know which ones you need and what they should say. The pros at Cenetric know which are essential and can help you determine if there are any other specific policies your company should adopt to protect your unique business. 

Looking for IT support right here in Kansas City? Cenetric has the experience and availability you need to keep running smoothly 24/7. Tell us about your organization and we’ll be in touch to get started right away.
