IT Security Policy

Build a Strong IT Policy with West X


A strong IT security policy is important to help protect your sensitive data from cyber breaches and improper use. For small and medium businesses, this task often falls to a manager who may not have specialized IT experience. If your company lacks internal IT resources, a Managed IT Services provider can offer valuable expertise to help you draft a well-defined security policy.


Here are four key areas that should be addressed in your company’s policy:


  1. Passwords – Weak passwords can compromise your security. Some companies prefer to assign employees specific passwords, ensuring they meet the highest security standards. However, assigned passwords may be difficult for employees to remember, and they may inadvertently compromise the network by writing down their passwords for reference. You may decide to set specific protocols and allow employees to choose their own within these parameters. Regardless of what you choose, requiring frequent password changes – ideally every 30 to 90 days – helps increase your security.


  2. Acceptable Use – Employees must be educated on what network and Internet behaviours and usage are appropriate and safe. They should also be aware of the consequences of their actions. The role of personal devices for business use and transfer of information should also be discussed. To encourage compliance, it can be helpful to use ‘real-world’ examples to demonstrate ways in which various behaviours can compromise the network.


  3. Training and Planning – As part of your security policy you should determine the frequency and type of training employees will undergo to help them learn their role in your IT security. Plans for what to do in case of a breach should also be communicated, with tasks assigned to various staff to expedite the recovery process. Responsibilities such as contacting outside agencies for assistance, coordinating in-office communication and handling client relations should be decided on now, and employees trained in their various roles.


  4. Enforcement – Inappropriate use must come with consequences to encourage compliance. These should be determined in advance and address topics such as unintentional breaches and malicious activity. All employees should be educated and required to sign a statement of understanding to ensure that they know they will be held responsible for their actions.


Formulating a robust IT security plan before a data breach happens will reduce the risk of one occurring while mitigating the effects if one does. A Managed IT service provider can work with you to help protect your business from this potentially devastating event.

