The rapidly expanding use of technology in every aspect of business is creating a growing security concern. To protect your business and digital assets it is important to have a multipronged approach that addresses physical access, technology security and user policies.
Digital theft, viruses and other threats can be initiated in many ways and from many points both inside and outside of your four walls. The development, implementation and monitoring of a robust security plan that addresses each area of concern is the best way to protect your business.
Network and user policies are key components to a full security plan, but they are often overlooked. These policies define the limitations and outline acceptable practices for the use of network and business resources. While there are many tools available to block and monitor network, internet and communication usage, they are most useful when installed and monitored as part of an overall business technology protection strategy. The policies that you define should mirror the compliance tools that you have installed and should serve as an additional deterrent to inappropriate use of company resources. Training for employees is also critical so that they know their role in protecting business and client assets.
Here are a few key areas that should be covered in any network acceptable use policy:
- Security – Defining the user’s role in maintaining a secure network environment is one of the most important components of the policy. Limitations on acceptable use of the network should cover the installation and use of external software and attachment of personal digital devices such as laptops, smart phones, PDAs and storage media. Define policies on logging into and out of the network and on the use and sharing of passwords and user accounts. Train your employees to spot email attempts at hacking, phishing and spoofing; these are the source of many network intrusions.
- Communications – There are both legal and security concerns around the use of company communication systems including email and Internet resources. Restricting the transfer of data, limiting personal use and defining policies on instant messaging, chatting and online subscriptions are important. It is also important to define requirements for remote access and the transfer of digital files in and out of the company network.
- Inappropriate Use – The policy needs to define prohibited activities and outline the consequences for engaging in them. Examples of inappropriate use include sending viruses, hacking and using the network for criminal activity. Communicate company policies regarding inappropriate and restricted internet browsing and accessing company or personal data without permission.
Network and user policies should be developed and communicated by management so employees understand why they are important and to make them aware of the business and legal consequences of breaking them. Training on the use of business network resources will also give employees the knowledge to make good decisions on protecting company assets and intellectual property.