Security Policy

Security starts with the end-user.
A security policy prevents security loss in advance, and creates a plan of response for security breaches.

One of the simplest ways to ensure business network security is to set clear policies in place.

This goes beyond a disaster recovery plan, and works to prevent security loss in advance by outlining which websites can be accessed by employees from company computers, or what necessary procedures are for dealing with a lost USB drive. AIE’s consultants understand that this may vary from business to business, and they combine their expertise in security with your business dynamic as they offer advice on appropriate policies to implement. 

A good security policy covers both prevention and response.

  • Prevention. A simple example of a prevention policy is an acceptable usage policy. This covers things like websites that can or cannot be accessed from the business location, password creation guidelines, and where company data is to be stored. Companies should also outline a remote access policy, describing where web-based e-mail can be used, how to access the company network from mobile phones and home offices, and even which employees have the right to remote access. Policies determining data classification and back-up should be set in place as well – it’s important for businesses to know which information could pose a significant security risk.
  • Response. When a policy is broken and security is breached, there must be a plan of action in place to follow. What happens when a sales consultant loses his smart phone, along with all the company data streamed to it? What about when the accountant accidentally downloads a virus to her computer, compromising the financial data? An incident response policy, when properly in place, helps the end-user determine how to respond to any IT intrusion, data exposure, or other network security issue. It should also include a list of people to contact, including an IT support team like AIE.