The most difficult part of creating a Security Policy for your business is determining what, exactly, to include in it. Never heard of a Security Policy before? You're not alone. But whether you are the only employee in your company or you have a small staff working for you, you need to learn what a Security Policy is, and then you need to create one.

In much the same way that a personnel policy informs employees of things like vacation time accrual, performance review schedule and other personnel-related issues, a Security Policy informs your employees of the steps that are necessary to keep your company's network and computers secure. The policy is your company's rules and regulations that are enforceable, under law if necessary, if breached.

A Security Policy will include rules and formal procedures that are clearly written and laid out. But most importantly, the information contained must be easy for employees of all levels to understand.

And just as it is with young children, the content of your Security Policy must be enforceable, and it must be enforced consistently. Saying in writing that something is not allowed, then allowing it to happen during regular work hours sends mixed messages to your employees. They won't know what really is right or wrong, which will defeat the whole point of your Security Policy. Inconsistent implementation also leaves you open to legal liability.

Like any good policy, your Security Policy should be regularly updated to reflect today's rapidly-changing business environment. Most of the time, you will be the person making these changes. However, if your company is growing and adding staff, this may not always be the case. Make sure the person responsible for updating your company's Security Policy has guidelines and boundaries, and most of all, make sure you read and approve any changes made by someone else.

Make presenting your Security Policy part of your new employee orientation procedure. Make sure every employee reads the policy, signs and dates a document certifying that it has been read, and then keep the signed and dated certification in their respective personnel folder. And every time that your Security Policy is updated, make every employee read it again, and sign and date a document stating that they have read the changes.

The types of topics you may want to cover in your company's Security Policy include but are not limited to:

* What can be loaded onto an employee's computer from floppy disk or CD
* What personal business, if any, can be conducted on the company computer
* Which files or company information is allowed to leave the internal network or is allowed to be sent out over the Internet
* Who is allowed to install new software and software upgrades onto the system, and equally important, who is not allowed to do this
* A password management and password change policy which includes the acceptable length of passwords. Provide examples of permissible/non-permissible passwords. Examples of non-permissible passwords might include date of birth, names of pets, nicknames, children's names, etc.
* Who's allowed remote access to your network from off-site
* Policies for locking keyboard or using password protected screensavers when an employee's PC is left unattended
* Who is allowed to attach their laptop or other portable computing device to the network and what information they are allowed to upload/download
* Guidelines for vendors and other visitors who may need access to your network while they are on-site.

Whether you have one PC or several networked together, you have a lot of money invested. Protect this critical business asset with an iron-clad Security Policy.

Copyright © 2004 Cavyl Stewart.