- Acceptable Use – This policy is important to make clear what is appropriate and what can be sanctioned. Should any legal issues arise due to a breach or lawsuit, policies are looked at immediately to determine if fault lies with the organization or not. Policies need to be clear, thorough and easily accessible to be effective.
- Security Awareness – Awareness is important for prevention of a severe incident. Not all users know about the dangers a firm faces on a daily basis. Fraudulent emails, unsafe browsing, and other daily tasks can be covered with awareness training.
- Information – Keep your data safe! Policies that protect sensitive data are the most obvious, but often the most overlooked. Computers and files need to be locked down thoroughly. Data transfers must be covered as well. There should be a comprehensive understanding of what needs to be kept safe and how to do so.
- Disaster Recovery – There is not a business in the world that is immune to security incidents. All the security policies available can and will fail given enough time. Recovery plans need to be put in place well ahead of a significant event so that downtime is kept to a minimum.
- Change Management – Almost all changes that are made to a network should be tracked and approved by an authorized user. Management or IT personnel need to know what was changed and why. The scope of this can vary depending on the business, but some sort of auditing must be in place to prevent internal compromises.
- Incident Response – Similar to Disaster Recovery, Incident Response is geared towards minimizing downtime and putting yourself in a position to shake off potential compromises. Planning for security incidents ahead of time is the best way to make sure the impact is not severe. It also keeps employees from panicking as they will have a guiding policy to help them react effectively.
- Remote Access – While the most secure way to use a computer is having an authorized user punch in their credentials within a building that can be monitored, it is a necessity for some businesses to allow remote connections. This must be set up by somebody with a strong technical background to make sure that the connection is secure. Any time a remote connection is made, another vulnerability is created. IT professionals are qualified to create this connection.
- BYOD – Another policy that is a necessary evil in today’s world, as most employees like to work on their own mobile devices. Again, IT professionals can ensure that employees can use the functionality of their own devices while not compromising security.
- Vendor Access – Everyone that has any sort of network or data access needs to understand what acceptable behavior is. Vendors include technical support employees, partners, and other businesses. Often, contracts are signed to state what is and is not acceptable before any partnership is formed.
- Media Destruction – Client information is extremely valuable, even if it is outdated. Different professions have specific guidelines for how long data can be kept before it is then properly disposed of. Having and following these policies keeps a firm from being liable should the data be misused.
I hope you find these tips helpful. For more details on how to apply these tips to your business, please contact me, your strategic technology planner, at SecurityFirst@BrickTechIT.com or at (407) 244-4494.