Creating a Security Policy: 4 tips to get started

With cybercriminals increasing their assault on small businesses, human error has become one of the most common ways hackers gain access to business data. (A whopping 58% of users have accidentally shared confidential information.)

To help protect your business, keep employees informed on potential security risks and implement a security policy.

Don’t have a Security Policy in place? Here are a few things your security policy should cover.

1. Require Strong Passwords
Using simple passwords that can be easily guessed leaves your business wide open to hackers. Require employees to use complex passwords for their email and computer login. Complex passwords should be a minimum of 7 characters and include a mix of upper and lowercase letters, numbers, and special characters. For extra security, employees should change their password every 60-90 days.

2. Set an Email Usage Policy
Company email accounts should be utilized for business use only; employees should not use a company email address to send personal messages or files. Consider including email security best practices in your policy (for example: Never send passwords or financial information via email).

3. Include Clear Internet Usage Guidelines
As with company email, internet usage in the office should be for business purposes only. To reduce the potential for unwanted viruses and malware, prohibit unauthorized downloads on employee PCs and restrict access to personal email accounts. If you’d like to automatically block access to certain categories of websites (i.e. social media or entertainment streaming), consider investing in a content filtering solution.

4. Don’t forget about BYOD
With over 65% of workers using their smartphone for business use, it’s important to address ‘bring your own device’ (BYOD) in your security policy. Let employees know whether they are allowed to use their personal smartphone, tablet or laptop for work-related tasks. The security policy should also make it clear that data (files, emails, etc) on any device is business property and should not be removed or copied without authorization.

If you don’t currently have a security policy in place, we hope these tips help you to get started.

Want more tips to keep your business protected? Contact us or schedule a security health checkup.