Commentary
1/21/2011
10:18 AM
Keith Ferrell

SMB Security Means Putting Policy First

How long since you've taken a look at your business's security policy? (Assuming, of course, that your business has a security policy.)

The range, variety and sheer number of threats small and midsized businesses face can distract us from anything other than trying to keep our defenses up -- and up-to-date.

But one of the most essential elements of your defensive arsenal is a thorough security and usage policy. An effective policy requires the same sorts of regular attention and periodic updating as the rest of your security array.

While requiring nowhere near as frequent attention as virus definitions and patches, your company's policy should receive regular reviews. A quarterly look should be sufficient, with interim updates if circumstances or configurations change.

Even a minimal policy should deal with:

Acceptable and unacceptable use of company equipment, connections and Web access

Special attention and, if needed, special rules for phones and other mobile devices

Company e-mail account usage policy

Social network behavior and restrictions

Strong password creation and frequency of password changes

Personal devices and software used for company business, or for personal purposes over company connections

Data access and particularly data-copying rules and restrictions

Penalties for violations should also be spelled out clearly.

The particulars of each category will depend upon you, the nature of your business and the business purposes to which your employees put your equipment.

But by establishing good, general security and usage policies, putting them in writing and requiring your employees to sign them, you're well-prepared to refine and focus the policies as needed, each time you review them.

Each of those reviews, I believe, should include review by all of your employees, with a dated signature if practical.

If it's not practical to get a new signature each quarter, give some thought to making employee policy review and re-signature an annual item. You could, in fact, make it part of the policy!
