News and Insights – July 2016

The Hidden Costs of Outdated IT Policies in Argentine SMEs

As Argentine small and medium-sized businesses grow, many are beginning to feel the drag of legacy IT policies—rules and procedures set years ago that no longer reflect the pace of business, cloud adoption, or remote work. In July 2016, ignoring these policies can lead to productivity loss, compliance risks, and rising support costs.

Why Policies Matter More Than Ever

Good IT policies set expectations, improve security, and streamline decisions. But bad or outdated ones often go unnoticed until they cause a problem. An acceptable use policy written in 2010 may not account for mobile devices or cloud-based work apps. Backup policies based on local tape storage can leave teams vulnerable when data lives in multiple SaaS tools.

Common Outdated Policies We See in Argentina

• “No cloud apps” by default: Designed to prevent shadow IT, but now blocking productivity tools like Trello or Slack.
• USB drive restrictions: Important for data loss prevention, but often unreviewed despite new encrypted options.
• Password rotation every 30 days: Still common, even though modern guidance supports longer lifespans with MFA.
• Paper-based change requests: Slow approvals and encourage informal, undocumented fixes.
• Strict VPN-only access for remote work: Impractical for mobile-first employees working on tablets or shared Wi-Fi.

Costs of Not Updating Policies

Every week, we speak with SMBs facing problems that trace back to old policies. Files lost because no one updated the backup scope. Support delays caused by outdated workflows. Or worse, data breaches due to unclear security responsibilities. Even when nothing fails outright, your staff wastes time working around restrictions that don’t make sense anymore.

What a Modern IT Policy Should Look Like

Modern IT policies are short, focused, and role-specific. They support the business strategy rather than hinder it. They use real-world scenarios and are reviewed at least yearly. Here are four examples of updated policy components:

• Cloud Usage: Define approved platforms, storage policies, and usage review cycle.
• Remote Work: Establish device standards, support boundaries, and security guidelines.
• Incident Reporting: Simple process to report lost devices, strange activity, or phishing.
• BYOD (Bring Your Own Device): What’s permitted, and how company data is protected and removed.

How to Begin an IT Policy Overhaul

1. Start with a quick audit. Identify what policies exist, which are in use, and who owns them.
2. Prioritise based on risk. Backup, access control, and cloud usage usually top the list.
3. Update with simplicity in mind. Use plain language and 1-page summaries where possible.
4. Train your team. A policy unread is a policy unenforced. Incorporate updates into onboarding and team meetings.
5. Review annually. Set a reminder each July to validate relevance and coverage.

Bonus Resource

Here is a simple policy review starter guide to help identify and prioritise updates in your environment.