SMB Security Means Putting Policy First - InformationWeek
Commentary
1/21/2011
10:18 AM
Keith Ferrell

SMB Security Means Putting Policy First

How long since you've taken a look at your business's security policy? (Assuming, of course, that your business has a security policy.)

The range, variety and sheer number of threats small and midsized businesses face can distract us from anything other than trying to keep our defenses up -- and up-to-date.

But one of the most essential elements of your defensive arsenal is a thorough security and usage policy. An effective policy requires the same sorts of regular attention and periodic updating as the rest of your security array.

While requiring nowhere near as frequent attention as virus definitions and patches, your company's policy should receive regular reviews. A quarterly look should be sufficient, with interim updates if circumstances or configurations change.

Even a minimal policy should deal with:

Acceptable and unacceptable use of company equipment, connections and Web access

Special attention and, if needed, special rules for phones and other mobile devices

Company e-mail account usage policy

Social network behavior and restrictions

Strong password creation and frequency of password changes

Personal devices and software used for company business, or for personal purposes over company connections

Data access and particularly data-copying rules and restrictions

Penalties for violations should also be spelled out clearly.

The particulars of each category will depend upon you, the nature of your business and the business purposes to which your employees put your equipment.

But by establishing good, general security and usage policies, putting them in writing and requiring your employees to sign them, you're well-prepared to refine and focus the policies as needed, each time you review them.

Each of those reviews, I believe, should include review by all of your employees, with a dated signature if practical.

If it's not practical to get a new signature each quarter, give some thought to making employee policy review and re-signature an annual item. You could, in fact, make it part of the policy!
