SMB Security Means Putting Policy First

How long since you've taken a look at your business's security policy? (Assuming, of course, that your business has a security policy.)

Keith Ferrell, Contributor

January 21, 2011

The range, variety and sheer number of threats small and midsized businesses face can distract us from anything other than trying to keep our defenses up -- and up-to-date.

But one of the most essential elements of your defensive arsenal is a thorough security and usage policy. An effective policy requires the same sorts of regular attention and periodic updating as the rest of your security array.

While requiring nowhere near as frequent attention as virus definitions and patches, your company's policy should receive regular reviews. A quarterly look should be sufficient, with interim updates if circumstances or configurations change.

Even a minimal policy should deal with:

- Acceptable and unacceptable use of company equipment and connections and Web access
- Special attention and, if needed, special rules for phones and other mobile devices
- Company e-mail account usage policy
- Social network behavior and restrictions
- Strong password creation and frequency of password-changes
- Personal devices and software used for company business, or for personal purposes over company connections
- Data access and particularly data-copying rules and restrictions

Penalties for violations should also be spelled out clearly.

The particulars of each category will depend upon you, the nature of your business and the business purposes to which your employees put your equipment.

But by establishing good, general security and usage policies, putting them in writing and requiring your employees to sign them, you're well-prepared to refine and focus the policies as needed, each time you review them.

Each of those reviews, I believe, should include review by all of your employees, with a dated signature if practical.

If it's not practical to get a new signature each quarter, give some thought to making employee policy review and re-signature an annual item. You could, in fact, make it part of the policy!
