Set up security policies – now

Call centre. Sales. IT. R&D. Your employees, in every department, are the most important defense in protecting information about your company and its customers. Information security involves systems and technology (safeguards against malicious interlopers), but it also relies on clear communication.

According to the “Security Worksheet”, an online survey of 458 IT professionals developed with security experts at @Stake Inc., only 28.2 per cent said their organization had a company-wide security policy. Only 37.6 per cent label documents in terms of their security status, and 21.8 per cent specify how sensitive company documents should be treated.

BEST PRACTICES

1. Put people first.

It may be an old Bill Clinton campaign slogan, but it holds for security policies: You’ve got to get workers on the right page. “Employees are your security,” says Mudge, which is the nom de guerre used by the vice-president of R&D at @Stake in Cambridge, Mass. “They are your potential leaks, but they are also the people you rely on to keep policies in place and to point out possible problems.”

2. Identify core business assets.

A well-defined security policy reflects the company’s core vision and reinforces what matters to the company from a financial and business stance, Mudge says. Assess what is most important to your business. Identify core business assets and what level of security these assets warrant.

3. Develop labeling guidelines.

Once you know what you have and what needs protecting, designate how to treat each information asset. Classifications could include public record (available to all), company confidential/proprietary (accessible to staff) or classified.

4. Specify handling rules.

Consider how company information travels – across your network, data and voice lines, via cellular phones and wireless PDAs. Then specify how information needs to be treated, including how it will be marked (top of document, watermarked paper), transmitted (encrypted, no wireless access), stored (secured servers or locked file cabinets), destroyed (shredded or deleted) and disclosed or released.
