Do you have a security policy?

A password policy?

An account lockout policy?

A malware policy?

Here’s a scenario we hear too often:

Employee Tim Jones vacates his employment. Two months later, someone notices that he is in charge of renewing a policy and has the login credentials to do the renewal. The new employee attempts to log in and is asked security questions that Tim Jones set up. The answers are nowhere to be found. Calls to the company to pay the renewal, results in frustration, resetting the password, recreating the account, etc. How and why did this happen?

 

There was no security policy in place. What do we mean by ‘security policy’? The definition we found sums it up well is from webopedia.com and states:

 

A security policy is a document that outlines the rules, laws and practices for computer network access. This document regulates how an organization will manage, protect and distribute its sensitive information (both corporate and client information) and lays the framework for the computer-network-oriented security of the organization.”

 

There is no policy book, employee manual or process map that will always hit 100% of employee issues, but policies are a start to get people on the same page and thinking about the right behaviors. A security policy is simply that, and should be written today.

 

Security Policy Components

 

A security policy can contain the components that are the most important for your organization. This list is just a sample of the items that can be covered:

 

Account Creation

Policies having to do with creating corporate accounts, corporate logins or user accounts and logins such as:

 

Account Lock Out Policy

Compromised Password Policy

Password Creation policy

Password Protection/ Password Storage

 

Cloud Computing

Policies having to do with downloading information or accessing information on web-based platforms.

 

Remote Access Policy

Software Installation

Web Application Usage

Internet Usage Policy

Downloading Policy

 

Confidentiality

Policies having to do with client or employee data that could be confidential or protected.

 

E-mail Security Policy

Confidential Information Policy

Third Party Connectivity

Equipment Use and Disposal Policy

 

Security

Policies involving safety and security, backups and data recovery.

 

Anti-Virus Policy

Backup Policy

Data Storage Policy

Information Stored on Mobile or Removable Devices

Disaster Recovery Plan

Templates can be found in a variety of places online to help design each security policy component. A security policy is a tool designed to help with managing the multiple areas vulnerable to loss, attacks, natural disasters, employee turn-over and more.

 

Managed IT services can help with the implementation of many of the components of a sound security policy and can even help discover dangerous gaps, such as missing backups or areas where attacks can be more common.

 

To discover how a security policy can be implemented to start protecting you today, contact Estes Group Managed IT services.

Continue to our next security blog on malware policy and why you should have one.

EstesCloud // Explore our Managed Services Solution:

CompleteCare: Maintaining your own IT infrastructure is expensive and frustrating. EstesCloud CompleteCare combines the benefits of our ServerCare and ClientCare programs into one comprehensive program that protects your entire IT infrastructure at a predictable fixed cost.  Let the EstesCloud team become your Trusted IT Advisor, so you can get back to growing your business.
Let’s start the conversation!


ServerCare: A proactive approach to IT that includes regular scheduled maintenance and monitoring is essential to maintaining a healthy network and a productive staff.
EstesCloud ServerCare will give you peace of mind knowing that our team is continually watching and caring for your servers.
Discover the Benefits of ServerCare.


ClientCare: Proactive support for your desktops, laptops, and mobile devices.  We provide all of the monitoring, patching, and security tools for your systems, plus full access to our help desk services 24/7/365.
EstesCloud ClientCare will ensure your valuable data is secure whenever and wherever it is needed.

Take control of your systems today.


ComplianceCare: Are you a medical provider under HIPAA or HITECH regulatory compliance? Are government auditors keeping you up at night? Our HIPPA IT Management Service will ensure you are HIPPA compliant.

For the health of your IT Enterprise.

Take the first step to reduce cost and increase the productivity of your business. Give us a call at 888.300.2340, and

Join Us At Epicor Insights 2017

For a special gathering at Fuse Sports Bar.

You could win an Amazon Alexa and a two our business process review from Ben Nixon.

Join the fun as we talk Epicor and the issues you have in business.

Check your E-Mail for some special information.