Protect Your Computer System with a Comprehensive Security Policy

The most difficult part of creating a Security Policy for your business is determining what, exactly, to include in it. Never heard of a Security Policy before? You're not alone. But whether you are the only employee in your company or you have a small staff working for you, you need to learn what a Security Policy is, and then you need to create one.

In much the same way that a personnel policy informs employees of things like vacation time accrual, performance review schedule and other personnel-related issues, a Security Policy informs your employees of the steps that are necessary to keep your company's network and computers secure. The policy is your company's rules and regulations that are enforceable, under law if necessary, if breached.

A Security Policy will include rules and formal procedures that are clearly written and laid out. But most importantly, the information contained must be easy for employees of all levels to understand.

And just as it is with young children, the content of your Security Policy must be enforceable, and it must be enforced consistently. Saying in writing that something is not allowed, then allowing it to happen during regular work hours sends mixed messages to your employees. They won't know what really is right or wrong, which will defeat the whole point of your Security Policy. Inconsistent implementation also leaves you open to legal liability.

Like any good policy, your Security Policy should be regularly updated to reflect today's rapidly-changing business environment. Most of the time, you will be the person making these changes. However, if your company is growing and adding staff, this may not always be the case. Make sure the person responsible for updating your company's Security Policy has guidelines and boundaries, and most of all, make sure you read and approve any changes made by someone else.

Make presenting your Security Policy part of your new employee orientation procedure. Make sure every employee reads the policy, signs and dates a document certifying that it has been read, and then keep the signed and dated certification in their respective personnel folder. And every time that your Security Policy is updated, make every employee read it again, and sign and date a document stating that they have read the changes.

The types of topics you may want to cover in your company's Security Policy include but are not limited to:

* What can be loaded onto an employee's computer from floppy disk or CD

* What personal business, if any, can be conducted on the company computer

* Which files or company information is allowed to leave the internal network or is allowed to be sent out over the Internet

* Who is allowed to install new software and software upgrades onto the system, and equally important, who is not allowed to do this

* A password management and password change policy which includes the acceptable length of passwords. Provide examples of permissible/non-permissible passwords. Examples of non-permissible passwords might include date of birth, names of pets, nicknames, children's names, etc.

* Who's allowed remote access to your network from off-site

* Policies for locking keyboard or using password protected screensavers when an employee's PC is left unattended

* Who is allowed to attach their laptop or other portable computing device to the network and what information they are allowed to upload/download

* Guidelines for vendors and other visitors who may need access to your network while they are on-site.

Whether you have one PC or several networked together, you have a lot of money invested. Protect this critical business asset with an iron-clad Security Policy.

Copyright © 2004 Cavyl Stewart. For help with creating your security policy or to find security software or other small business programs, visit: http://www.find-small-business-software.com/hr-software.html - Also, be sure to check out my Exclusive, 100% free ecourses.

Mines Management Inc. : Update - Prepares For Exploration On La Estrella Gold ... Reuters RELEASE 12-05 UPDATE - MINES MANAGEMENT PREPARES FOR EXPLORATION ON LA ESTRELLA GOLD-SILVER PROJECT Spokane, Washington - May 25, 2012 - Mines Management, Inc. (NYSE-Amex: "MGN", TSX: "MGT") (the "Company") is pleased to announce preparations, ... and more »

New York Times (blog)

Management Buyouts Can Be Too Cozy New York Times (blog) That seems to be the case with the board of Venoco, a California oil company that is the subject of a proposed $770 million management buyout. On Jan. 16, the Venoco board of directors agreed to let the company be acquired by its chairman and chief ...

Bloomberg

Dell Close to Buying Quest for Computer-Management BusinessWeek By Serena Saitto and Aaron Ricadela on May 25, 2012 Dell Inc. (DELL) (DELL) is in advanced discussions to acquire Quest Software Inc. (QSFT) (QSFT), a maker of tools that help companies manage their computer systems, according to a person with ... Dell Said Close to Buying Quest for Computer-ManagementBloomberg Dell's Quest For Software Business Could Lead To Acquiring Quest SoftwareCRN Would Quest buy help Dell?GigaOM Channelnomics -Forbes -Investor's Business Daily all 80 news articles »

Bloomberg

Apollo Global Management Completes Acquisition of EP Energy MarketWatch (press release) Sam Oh, partner at Apollo, stated, "We are delighted to partner with one of North America's leading exploration and production franchises led by a world class team of managers. Our acquisition of EP Energy solidifies Apollo's natural resources platform ... Apollo Completes Acquisition of EP EnergyPrivate Equity Hub (press release) all 64 news articles »

New York Magazine

JPMorgan Chase Risk Management Committee Missing Bank Directors, Financial ... Huffington Post What the committee's missing that all the other big banks have: people who worked as financial risk managers. The makeup of JPMorgan's committee hasn't changed since 2008, but the bank was warned last year that it wasn't up to the task of monitoring ... JP Morgan's Risks Aren't Well-Managed Because JP Morgan Doesn't Want Sound ...Slate Magazine (blog) all 28 news articles »

Management Tip of the Day: Hire for passion Reuters The Management Tip of the Day offers quick, practical management tips and ideas from Harvard Business Review and HBR.org (www.hbr.org). Any opinions expressed are not endorsed by Reuters. "People are more creative when they feel passionate about their ... and more »

SAS in Leaders Quadrant of Magic Quadrant for CRM Multichannel Campaign Management MarketWatch (press release) CARY, NC, May 25, 2012 (BUSINESS WIRE) -- SAS is in the Leaders quadrant in Gartner Inc.'s latest, "Magic Quadrant for CRM Multichannel Campaign Management"(1) This places SAS, the leader in business analytics and integrated marketing management, ... and more »

Altiplano Minerals Ltd. Announces Changes to Management and Amendments to ... MarketWatch (press release) May 25, 2012 (ACCESSWIRE-TNW via COMTEX) -- May 25, 2012 - Vancouver, British Columbia - Altiplano Minerals Ltd. ("Altiplano" or the "Company") (apn:TSX-V) announces today several management changes as well as proposed amendments to certain matters ... and more »

VIP Wins Project Management Contract for California Secretary of State MarketWatch (press release) SACRAMENTO, CA, May 25, 2012 (MARKETWIRE via COMTEX) -- The California Secretary of State awarded Visionary Integration Professionals (VIP) a contract for just under $1 million to provide project management services for the California Business Connect ... and more »

Strategic Information Management Provider Stibo Systems Achieves Record Growth MarketWatch (press release) Stibo Systems, the Strategic Information Management Company, today announced significant financial growth highlighted by new customer contracts, additional deployments from existing clients, and expansion into new vertical industries and geographies ... and more »