You may see the title of this post, and think that you may be too small to think or worry about security policies, however, they can be an extremely useful tool to remind you of things you should consider whenever you are using your computer systems.
How Policies Can Help You
A set of defined security policies can help ensure you stay ahead of any changes in the laws regarding the protection of personal data, as you can verify that you meet any new requirements by analysing your policies. A written policy will also give you something to show to your customers, which can go a long way to helping them trust you.
Written policies can also serve as gentle reminders for anyone who works for you, they can contain details of what should happen if issues arise, who is to be notified of the issue and, importantly, what action you will take should a breach of policy occur.
OK, So What Should My Policies Cover?
You should have policies in place to cover any action that may put sensitive data at risk, here are a few examples:
Social Media: What information can and can not be sent to social networks, along with the names of the people responsible for managing your social profiles.
Data Backups: The names of the people responsible for looking after your backup media and performing backups, what should happen if the backup media is lost or stolen, along with a set of instructions for the secure disposal of unusable media.
Staffing Issues: What happens when a member of staff leaves the company or goes away for an extended period of time? Who is responsible for securing the systems and removing data?
Equipment Recycling: Data destruction procedures, names of people who have been trained in secure data disposal.
Where Do I Start?
Looking at the list above, you may think that writing a set of policies to cover all of those will take a long time, the truth is it is a lot easier than you might think, and help is never too far away.
Start by writing down the things you already do to cover data backups, your use of social media and anything else that you feel is important to remember. Done that? Good, you have the beginnings of a security policy!
Now comes the harder task of devising actions to cover things you probably haven't thought of until now, like securing your systems should staff leave. This one is fairly easy, so here are some of the steps you can take to protect yourself:
- Disable their user account
- Re-direct their e-mail to either yourself or their manager
- Change the passwords to any company accounts they had access to on Twitter, etc.
- Recover any computer equipment they used that is owned by the company and follow your Data Destruction procedures before re-issuing it to another employee
These steps, and the people responsible for performing them, should be included in your security policy.
If you've reached this point in the post and feel completely lost, don't worry, we can help you ensure that the policies you implement are suited to your organisation. Our security professionals can assist your policy development, review any policies you already have and train your employees to ensure they know how your policies affect their daily work.
[button size="large" href="/contact-us" color="red"]Get in Touch[/button]