It’s one thing to talk about security. It’s another to establish security guidelines or even a formal policy. Then comes the exciting process of educating your employees on the new policy and, finally, enforcing it. But is a security policy really necessary?
A security policy in the small business environment might seem like overkill if you have fewer than, say, 5 employees. However, having a clearly defined security policy established will make for a much safer workplace as your business grows and your environment becomes more complex. The policy should be clearly outlined, easy to understand, and available to all employees. When a policy is established or modified, it should be presented to existing employees and indoctrinated (such a scary word) into new hires.
The importance of establishing a security policy cannot be overstated. No matter how small your current customer base may be, there are evil powers at work that would love to snag customer information and exploit it for their own personal gain. Why make it easy for them with a lax attitude towards hardening security?
There are three key areas to focus on when developing a security policy:
- Securing Hardware
- Securing Software
- Securing Customer Data
Securing Hardware Basics
Securing Software Basics
- Install a strong antivirus and antispam package on your server(s) and client PCs.
- Consider email attachment restrictions.
Securing Customer Data
- Implement an information classification policy. With everyone on the same page with regard to how sensitive customer data should be handled, there will be fewer slip-ups when sharing or transmitting this information.
Keep in mind the purpose of establishing security policies. These are intended to be guidelines for how to handle sensitive information so that employees are accountable for their professionalism or lack thereof. Remember, your security policies are only as strong as your most irresponsible employee. Not really a pleasant topic, but an important one to address.