Develop a Technology Security Policy
A security policy is comprehensive and includes a road map for your business technology security. A security policy should define how confidential information and hardware is protected, accessed, and shared. Your security policy must be based upon your specific business needs and will likely evolve over time as your technology changes. Here are five steps you can take today that will assist in development of your security policy.
Internet Access Control
Ensure your employees are spending their online time productively and safely by blocking potentially harmful or time wasting sites.
Antivirus & Malware Protection
An enterprise solution is ideal, as it is more robust and designed for networks as well as individual computers. Use you security policy to define when automated updates are scheduled to run to have the latest updates for your antivirus solution.
Data and System Back-up
Back-up of your systems and data is like an insurance policy against failures. This is your secondary defense in the event that something nasty slips past the antivirus software. If your data is not backed-up regularly you may lose significant amounts of information and work. Recovery of the data may be costly or even impossible depending upon the extent of the damage. Back-up ensures you will be up and running again with minimal disruption.
Define how often passwords must be changed such as every 30 days, 3 months, or 6 months. This depends upon your business and the type of information security required. Level of password strength can also be defined.
WiFi User Access
Your bandwidth should be secured from outsiders by firewalls and passwords. If you offer WiFi availability to your customers, be sure it is a secondary secure line without access your systems.
Longer term planning and implementation will be required to complete your security policy. Additional questions that will help to shape your technology security policy are:
Who has access to information and how is it accessed?
Can employees bring their own devices?
What information can be accessed from off-site?
Can users add software or apps to a device?
How can sensitive information be encrypted?
Who is in control of the Security Policy and how can it be amended?
What do you do in case of a security breach?
What if hardware is stolen?
While there is obviously many more questions and issues to address, do not get overwhelmed. The important thing is to begin taking some action with the points outlined above. These actions will move your business in the right direction toward shaping a comprehensive Security Policy. As always, we are available to assist you and are happy to offer a complementary review of your current security policy.