Stop Saying You're 'Too Busy' to Write an Information Security Policy

Posted by Steven Vigeant on 11/15/13 9:53 AM

Seemingly every day there are stories on the news about data security issues. These range from individuals having their identity stolen to major corporations losing massive amounts of customer information. In spite of all these situations, it is easy to be nonchalant about information security.

If you run a small business, you may think that your assets are too small and your day-to-day operations so ordinary that no hacker would take the time to target you. Unfortunately, these same features are what make your business appealing to hackers. If you are operating without an information security policy, there are easy and obvious vulnerabilities that hackers can exploit to steal your data.

It is more important than ever for all businesses to have an information security policy in place and to consult it regularly. Developing one may seem time-consuming, but it could save you huge amounts of work and money down the road. You may already be in breach of the law if you do not have one in place. Make sure that any policy you draft addresses all the following concerns.

Access Controls

Who will have access to your data, and what will this access entail? Your information security policy needs to provide guidance about picking secure passwords, safely downloading files and maintaining administrative overrides. The first step to protecting your data is knowing who has access to it.

Anti-Virus Protections

Protecting your IT infrastructure from computer viruses is an ongoing process. You need to identify the protections that are right for your company, keep them constantly updated and continuously scout around for new protections. Your information security policy can help you manage this process in a systematic way.

Data Backup

Data loss is an issue even if it does not fall into the hands of a malicious party. For some businesses, losing 2 weeks' worth of data to an unforeseen disaster can be crippling. Having comprehensive and automatic data backup measures in place helps ensure that you never lose important files. With data storage being so expansive, there is no excuse for not saving anything and everything. Your information security policy will also guide you on how to keep this data secure and encrypted.

Legal Compliance

This is one aspect of data security that too many small businesses overlook. There are a number of states that have made it a requirement for any business that works with sensitive health, legal or personal information to have an information security policy in place. The goal is to protect citizens from the risk of a data breach.

The specifics of these laws vary by the state and the size of the business, but noncompliance can cause serious headaches. In the wake of a data breach, businesses may be subject to monetary fines, legal action, and a damaged reputation. Businesses in Massachusetts are already required to comply with a data protection law, and as the problem grows, it is almost certain that there will be further regulatory action.

Developing an information security policy is a helpful exercise simply because it gets you thinking about the ways your company uses and possibly loses data. If you need guidance developing a policy that is effective and legally compliant, turn to your IT partner. Their expertise in this area can spare you a lot of uncertainty and guesswork. To learn more about what professional IT services can do for you, read our white paper “The Ultimate Small Business Guide to IT Outsourcing.”


Topics: Data Security