| The most difficult part of creating a Security Policy for | | | | has been read, and then keep the signed and dated |
| your business is determining what, exactly, to include in | | | | certification in their respective personnel folder. And |
| it. Never heard of a Security Policy before? You're not | | | | every time that your Security Policy is updated, make |
| alone. But whether you are the only employee in your | | | | every employee read it again, and sign and date a |
| company or you have a small staff working for you, | | | | document stating that they have read the |
| you need to learn what a Security Policy is, and then | | | | changes.The types of topics you may want to cover |
| you need to create one.In much the same way that a | | | | in your company's Security Policy include but are not |
| personnel policy informs employees of things like | | | | limited to:* What can be loaded onto an employee's |
| vacation time accrual, performance review schedule | | | | computer from floppy disk or CD* What personal |
| and other personnel-related issues, a Security Policy | | | | business, if any, can be conducted on the company |
| informs your employees of the steps that are | | | | computer* Which files or company information is |
| necessary to keep your company's network and | | | | allowed to leave the internal network or is allowed to |
| computers secure. The policy is your company's rules | | | | be sent out over the Internet* Who is allowed to install |
| and regulations that are enforceable, under law if | | | | new software and software upgrades onto the |
| necessary, if breached.A Security Policy will include | | | | system, and equally |
| rules and formal procedures that are clearly written | | | | important, who is not allowed to do this* A password |
| and laid out. But most importantly, the information | | | | management and password change policy which |
| contained must be easy for employees of all levels to | | | | includes the acceptable length of passwords. Provide |
| understand.And just as it is with young children, the | | | | examples of permissible/non-permissible passwords. |
| content of your Security Policy must be enforceable, | | | | Examples of non-permissible passwords might include |
| and it must be enforced consistently. Saying in writing | | | | date of birth, names of pets, nicknames, children's |
| that something is not allowed, then allowing it to happen | | | | names, etc.* Who's allowed remote access to your |
| during regular work hours sends mixed messages to | | | | network from off-site* Policies for locking keyboard or |
| your employees. They won't know what really is right | | | | using password protected screensavers when an |
| or wrong, which will defeat the whole point of your | | | | employee's PC is left unattended* Who is allowed to |
| Security Policy. Inconsistent implementation also leaves | | | | attach their laptop or other portable computing device |
| you open to legal liability.Like any good policy, your | | | | to the network and what information they are allowed |
| Security Policy should be regularly updated to reflect | | | | to upload/download* Guidelines for vendors and other |
| today's rapidly-changing business environment. Most of | | | | visitors who may need access to your network while |
| the time, you will be the person making these changes. | | | | they are on-site.Whether you have one PC or several |
| However, if your company is growing and adding staff, | | | | networked together, you have a lot of money |
| this may not always be the case. Make sure the | | | | invested. Protect this critical business asset with an |
| person responsible for updating your company's | | | | iron-clad Security Policy.Copyright © 2004 Cavyl |
| Security Policy has guidelines and boundaries, and | | | | Stewart. For help with creating your security policy or |
| most of all, make sure you read and approve any | | | | to find security software or other small business |
| changes made by someone else.Make presenting your | | | | programs, visit: |
| Security Policy part of your new employee orientation | | | | - |
| procedure. Make sure every employee reads the | | | | Also, be sure to check out my Exclusive, 100% free |
| policy, signs and dates a document certifying that it | | | | ecourses. |