The most difficult part of creating a Security Policy for your business is determining what, exactly, to include in it. Never heard of a Security Policy before? You're not alone. But whether you are the only employee in your company or you have a small staff working for you, you need to learn what a Security Policy is, and then you need to create one.
In much the same way that a personnel policy informs employees of things like vacation time accrual, performance review schedule and other personnel-related issues, a Security Policy informs your employees of the steps that are necessary to keep your company's network and computers secure. The policy is your company's rules and regulations that are enforceable, under law if necessary, if breached.
A Security Policy will include rules and formal procedures that are clearly written and laid out. But most importantly, the information contained must be easy for employees of all levels to understand.
And just as it is with young children, the content of your Security Policy must be enforceable, and it must be enforced consistently. Saying in writing that something is not allowed, then allowing it to happen during regular work hours sends mixed messages to your employees. They won't know what really is right or wrong, which will defeat the whole point of your Security Policy. Inconsistent implementation also leaves you open to legal liability.
Like any good policy, your Security Policy should be regularly updated to reflect today's rapidly-changing business environment. Most of the time, you will be the person making these changes. However, if your company is growing and adding staff, this may not always be the case. Make sure the person responsible for updating your company's Security Policy has guidelines and boundaries, and most of all, make sure you read and approve any changes made by someone else.
Make presenting your Security Policy part of your new employee orientation procedure. Make sure every employee reads the policy, signs and dates a document certifying that it has been read, and then keep the signed and dated certification in their respective personnel folder. And every time that your Security Policy is updated, make every employee read it again, and sign and date a document stating that they have read the changes.
The types of topics you may want to cover in your company's Security Policy include but are not limited to:
* What can be loaded onto an employee's computer from floppy disk or CD
* What personal business, if any, can be conducted on the company computer
* Which files or company information is allowed to leave the internal network or is allowed to be sent out over the Internet
* Who is allowed to install new software and software upgrades onto the system, and equally important, who is not allowed to do this
* A password management and password change policy which includes the acceptable length of passwords. Provide examples of permissible/non-permissible passwords. Examples of non-permissible passwords might include date of birth, names of pets, nicknames, children's names, etc.
* Who's allowed remote access to your network from off-site
* Policies for locking keyboard or using password protected screensavers when an employee's PC is left unattended
* Who is allowed to attach their laptop or other portable computing device to the network and what information they are allowed to upload/download
* Guidelines for vendors and other visitors who may need access to your network while they are on-site.
Whether you have one PC or several networked together, you have a lot of money invested. Protect this critical business asset with an iron-clad Security Policy.
Copyright © 2004 Cavyl Stewart. For help with creating your security policy or to find security software or other small business programs, visit: http://www.find-small-business-s oftware.com/hr-software.html - Also, be sure to check out my Exclusive, 100% free ecourses.
article_text... Read More
article_text... Read More
article_text... Read More
article_text... Read More
article_text... Read More
article_text... Read More
article_text... Read More
Employees truly deserve paid vacations... Read More
When you are acclaimed for excellence during times of crisis you may not feel so good in a non-crisis environment... Read More
There is a growing movement in the spiritual and holistic fields to bring a more metaphysical and human potential approach to the business community... Read More
Where does the time go? Billable time... Read More
You Can't Do It All - Learning To DelegateThere is not a single management skill more critical to your personal and professional success as an entrepreneur than learning to delegate... Read More
You probably know this already, but there are generally held to be four main personality types, which I call: Extrovert, Amiable, Analytical and Pragmatic ... Read More
Do you remember being told to use the "sandwich" technique when you needed to reprimand someone? Let me give you an example:"Fred, I'm really pleased with how you've been progressing since you joined us and you're doing a great job... Read More