Content Starts Here
Email and internet policies
From payroll and personnel files to sales forecasts and the client database, information is the lifeblood of your business. And protecting this information from loss, theft or unauthorized use is not only crucial to the security of your company, but vital to maintaining the trust and confidence of your customers and partners.
Viruses, hackers and other malicious intruders can - and do - threaten companies of all sizes. In fact, more than half of the companies that responded to the 2006 US CSI/FBI (Computer Security Institute/Federal Bureau of Investigations in the United States of America) Computer Crime and Security Survey1 said their organizations had experienced an unauthorized use of their computer systems in the past 12 months.
Because malicious intruders pose a constant threat, every company should have a plan for protecting its information. If you haven't yet developed a plan for your business, now is the time to get started. If you already have a plan in place, now might be a good time to give it a second look. One of the components your security plan should include is an e-mail and Internet usage policy. Look for additional security "building blocks" in future articles.
Even for the smallest of businesses, it's a good idea to institute an e-mail and Internet security policy. By getting everyone on the same page about security, you'll be less likely to experience security problems. At a minimum, your policy should:
- Enforce a strong password policy that restricts employees from using easily-guessed passwords (such as their names, spouse's names, pet's name or passwords with less than five characters or all the same letters) and requires that they use passwords that combine longer strings of mixed-case characters with non-alphabetic characters
- Let employees know to what extent they can use e-mail and Internet access for personal reasons and what constitutes appropriate business communication
- Tell your employees if you plan to monitor work e-mail, stressing that e-mail is company property to use for business purposes
- Prohibit employees from sending confidential or sensitive business information through open, unencrypted (more about encryption below) e-mail
- Restrict employees from using e-mail addresses for online registration or e-commerce sites, unless those sites have been pre-approved
- Restrict employees from downloading files attached to e-mail messages unless they come from trusted sources
- Prohibit staff from downloading files or software from the Internet unless they have your approval to do so. Also, you should require that any file downloaded should be scanned with anti-virus software before it is opened
To protect your company's future, you need to protect your company's data. To do so, there's no single "silver bullet" approach. Instead, you should approach data security from a perspective of layers or building blocks: Each safeguard you can put between security threats and your company will provide another layer of security for your company's data.
Print now
Send to a friend
Related articles
Related products
