What should be included in a written security policy?

Depending on the industry that you are in, and the data security and compliance regulations that may apply to you, a security policy can be quite involved.

At a minimum, every business should have a written security policy to demonstrate that the company takes data privacy and security seriously and has systems in place to protect it.

Without having a policy in place, that all employees have seen and agree to abide by, it may be problematic should a problem develop in the future.

A basic security policy should include:

  • Password policy  (click HERE for password policy tips)
  • Acceptable Use Policy for email, internet browsing, social media, etc. (click HERE for AUP tips)
  • Access and control of proprietary data and client data
  • Access to company data from remote locations, or on non-corporate devices
  • Physical security protocols for doors, dealing with visitors, etc.
  • Understanding data classification, what is critical and private data?
  • How to deal with and report lost or stolen devices
  • How to handle and report a suspected security breach or data loss
  • Requirements and expectations for Security Awareness Training  (click HERE for cybersecurity training tips)
  • Use of third party cloud or file sync services such as Gmail, Dropbox, etc.
  • Requirements for encryption and computer locking procedures

There are very specific requirements that your business may need to adhere to, and there are tools and templates available to help get started. If you would like to see some sample policies and talk about how we may be able to help you put a plan in place, give us a call today!

At White Mountain, we make changing IT vendors EASY!

Thanks for visiting, we look forward to hearing from you.

10 Computers72x72 highlight310 50 Computers72x7250 100 Computers72x72100 Computers72x72

Frequently Asked Questions

Here are some common questions that we hear from companies your size.

White Mountain IT

Related Posts

Implementing Bring Your Own Device, Without Bringing Your Own Risks

First, let?s go over what a Bring Your Own Device policy is, and why it has become a popular strategy for modern businesses to implement. Why is a BYOD Strategy a Popular Option for Businesses? Bring Your Own Device is a policy and implementation that enables your team to make use of their personal devices for work purposes, which presents various benefits for both parties. From the employees? p...

Ransomware is Still a Major Threat for All Businesses and Individuals Alike

Prioritize Your Backups We recommend that you make data backup a top priority for your business in just about all situations possible. Good backups keep your data safe in an isolated environment where they can be accessed as needed. We recommend you use the cloud, offline backups, or off-site data centers for your storage needs. You can also use automation to ensure that the process is as consist...

Critical Security Measures for Data Privacy

In an individual sense, at least, it?s relatively simple. You don?t want to share anything more than what you need to. However, there is also something to be said for security and its relationship with privacy, and whether or not you should sacrifice one to maintain the other. You don?t have to pick one; in fact, you should be using security to protect your data privacy. Today, we?re investigating...

Insurance Companies Are Asking My Business About Its Cybersecurity. What’s the Deal?

You might have noticed that business insurance companies are starting to show an interest in how you are protecting your technology and data. If your org has been in touch with your insurance provider regarding modifying or renewing your business insurance, you were likely handed a lengthy questionnaire about your cybersecurity. Let’s take a look together to help you make informed decisions on how...