Government // Mobile & Wireless
Commentary
1/21/2011
10:18 AM
Keith Ferrell
Keith Ferrell
Commentary
Connect Directly
RSS
E-Mail
50%
50%

SMB Security Means Putting Policy First

How long since you've taken a look at your business's security policy? (Assuming, of course that your business has a security policy.)

How long since you've taken a look at your business's security policy? (Assuming, of course that your business has a security policy.)The range, variety and sheer number of threats small and midsized businesses face can distract us from anything other than trying to keep our defenses up -- and up-to-date.

But one of the most essential elements of your defensive arsenal is a thorough security and usage policy. An effective policy requires the same sorts of regular attention and periodic updating as the rest of your security array.

While requiring nowhere near as frequent attention as virus definitions and patches, your company's policy should receive regular reviews. A quarterly look should be sufficient; with interim updates if circumstances or configurations change.

Even a minimal policy should deal with:

Acceptable and unacceptable use of company equipment and connections and Web access

Special attention and, if needed, special rules for phones and other mobile devices

Company e-mail account usage policy

Social network behavior and restrictions

Strong password creation and frequency of password-changes

Personal devices and software used for company business, or for personal purposes over company connections

Data access and particularly data-copying rules and restrictions

Penalties for violations should also be spelled out clearly.

The particulars of each category will depend upon you, the nature of your business and the business purposes to which your employees put your equipment.

But by establishing good, general security and usage policies, putting them in writing and requiring your employees to sign them, you're well-prepared to refine and focus the policies as needed, each time you review them.

Each of those review, I believe, should include review by all of your employees, with a dated signature if practical.

If it's not practical to get a new signature each quarter, give some thought to making employee policy review and re-signature an annual item. You could, in fact, make it part of the policy!

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek - September 2, 2014
Avoiding audits and vendor fines isn't enough. Take control of licensing to exact deeper software discounts and match purchasing to actual employee needs.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
In in-depth look at InformationWeek's top stories for the preceding week.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.