Layered Security Approach Helps Small Businesses Protect Information
Focus Area 1: E-mail and Internet Policies
From payroll and personnel files to sales forecasts and the client database, information
is the lifeblood of your business. And protecting this information from loss, theft or unauthorized use is
not only crucial to the security of your company, but vital to maintaining the trust and
confidence of your customers and partners.
Viruses, hackers and other malicious intruders can — and do — threaten companies of all sizes.
In fact, more than half of the companies that responded to the 2006 CSI/FBI (Computer Security
Institute/Federal Bureau of Investigation) Computer Crime and Security Survey* said their organizations
had experienced an unauthorized use of their computer systems in the past 12 months.
Because malicious intruders pose a constant threat, every company should have a
plan for protecting its information. If you haven't yet developed a plan for your
business, now is the time to get started. If you already have a plan in place, now
might be a good time to give it a second look. One of the components your security plan should
include is an e-mail and Internet usage policy. Look for additional security "building blocks" in future articles.
E-mail and Internet Security Policy
Even for the smallest of businesses, it's a good idea to institute an e-mail and Internet security policy.
By getting everyone on the same page about security, you'll be less likely to experience security
problems. At a minimum, your policy should:
- Enforce a strong password policy that restricts employees from using easily guessed passwords (such as their own names, their spouses' or pets' names, passwords with fewer than five characters, or passwords that are all the same letter) and requires that they use passwords that combine longer strings of mixed-case characters with non-alphabetic characters.
- Let employees know to what extent they can use e-mail and Internet access for personal reasons and what constitutes appropriate business communication.
- Tell your employees if you plan to monitor work e-mail, stressing that e-mail is company property to use for business purposes.
- Prohibit employees from sending confidential or sensitive business information through open, unencrypted (more about encryption below) e-mail.
- Restrict employees from using e-mail addresses for online registration or e-commerce sites, unless those sites have been pre-approved.
- Restrict employees from downloading files attached to e-mail messages unless they come from trusted sources.
- Prohibit staff from downloading files or software from the Internet unless they have your approval to do so. Also require that any downloaded file be scanned with anti-virus software before it is opened.
To protect your company's future, you need to protect your company's data. To do so, there's no
single "silver bullet" approach. Instead, you should approach data security from a perspective of layers
or building blocks: Each safeguard you can put between security threats and your company will provide
another layer of security for your company's data.
For more information on IT security, visit www.dell.com/security or view additional articles on Small Business 360.