Do you have a security policy?
A password policy?
An account lockout policy?
A malware policy?
Here’s a scenario we hear too often:
Employee Tim Jones vacates his employment. Two months later, someone notices that he is in charge of renewing a policy and has the login credentials to do the renewal. The new employee attempts to log in and is asked security questions that Tim Jones set up. The answers are nowhere to be found. Calls to the company to pay the renewal, results in frustration, resetting the password, recreating the account, etc. How and why did this happen?
There was no security policy in place. What do we mean by ‘security policy’? The definition we found sums it up well is from webopedia.com and states:
“A security policy is a document that outlines the rules, laws and practices for computer network access. This document regulates how an organization will manage, protect and distribute its sensitive information (both corporate and client information) and lays the framework for the computer-network-oriented security of the organization.”
There is no policy book, employee manual or process map that will always hit 100% of employee issues, but policies are a start to get people on the same page and thinking about the right behaviors. A security policy is simply that, and should be written today.
Security Policy Components
A security policy can contain the components that are the most important for your organization. This list is just a sample of the items that can be covered:
Policies having to do with creating corporate accounts, corporate logins or user accounts and logins such as:
Account Lock Out Policy
Compromised Password Policy
Password Creation policy
Password Protection/ Password Storage
Policies having to do with downloading information or accessing information on web-based platforms.
Remote Access Policy
Web Application Usage
Internet Usage Policy
Policies having to do with client or employee data that could be confidential or protected.
E-mail Security Policy
Confidential Information Policy
Third Party Connectivity
Equipment Use and Disposal Policy
Policies involving safety and security, backups and data recovery.
Data Storage Policy
Information Stored on Mobile or Removable Devices
Disaster Recovery Plan
Templates can be found in a variety of places online to help design each security policy component. A security policy is a tool designed to help with managing the multiple areas vulnerable to loss, attacks, natural disasters, employee turn-over and more.
Managed IT services can help with the implementation of many of the components of a sound security policy and can even help discover dangerous gaps, such as missing backups or areas where attacks can be more common.
To discover how a security policy can be implemented to start protecting you today, contact EstesGroup Managed IT services.
CompleteCare: Maintaining your own IT infrastructure is expensive and frustrating. EstesCloud CompleteCare combines the benefits of our ServerCare and ClientCare programs into one comprehensive program that protects your entire IT infrastructure at a predictable fixed cost. Let the EstesCloud team become your Trusted IT Advisor, so you can get back to growing your business.
Let’s start the conversation!
ServerCare: A proactive approach to IT that includes regular scheduled maintenance and monitoring is essential to maintaining a healthy network and a productive staff.
EstesCloud ServerCare will give you peace of mind knowing that our team is continually watching and caring for your servers.
Discover the Benefits of ServerCare.
ClientCare: Proactive support for your desktops, laptops, and mobile devices. We provide all of the monitoring, patching, and security tools for your systems, plus full access to our help desk services 24/7/365.
EstesCloud ClientCare will ensure your valuable data is secure whenever and wherever it is needed.
Take control of your systems today.
ComplianceCare: Are you a medical provider under HIPAA or HITECH regulatory compliance? Are government auditors keeping you up at night? Our HIPAA IT Management Service will ensure you are HIPAA compliant.
For the health of your IT Enterprise.