With IT security breaches making the headines on a frequent basis – as in the problems faced by the retailer Target (110 million data records compromised in 2013) or insurance provider Anthem (up to 80 million compromised records in 2015) it’s never been a better time to revisit your company’s IT policy to make sure it’s comprehensive and understood by all.
Eighty-seven percent of SMBs do not have a formal written Internet security policy for employees. – National Cyber Security Alliance
While no infrastructure is 100 percent safe from hacking, having a comprehensive IT security policy can help mitigate the threats and lessen the impact if there is some kind of breach or natural disaster. Creating a viable policy is a matter of putting together small, reasonable steps that can be followed by anyone on your staff. Here are some topics you might want to consider covering in your policy:
Create strong passwords. Passwords are the first line of defense against security breaches. Most users recognize the importance of passwords, but some compromise their effectiveness by choosing the wrong set of words – such as “password123” – that can be readily identified by a hacker. Your policy should help employees understand how to create passwords that are unique and difficult to parse by an outsider.
Know the limits. It’s no secret that employees enjoy surfing the web and even downloading outside data while at work, but such actions can lead to imported viruses and hacking opportunities. Use your IT security policy to spell out the acceptable use of the Internet within the workplace, and the consequences of using the web irresponsibly.
Participate in training. Not every user in your workplace has the same level of computer expertise or insight. A training workshop on IT security can answer questions and provide context for employees who might otherwise be unaware of potential threats.
Have a recovery plan. “Expect the unexpected” is a watchword in the IT world. Hacking is just one of the risks to your company. Weather disasters like tornadoes can damage infrastructure, as can system breakdowns or viral problems. Appoint employees to manage the recovery process, which includes having a communication plan for all workers.
With the right security policy in place, you can stay more productive and recover more quickly – a win-win for all involved.