
Home and SMB Network Design 12 – Network Security – Basics

Most home users can close their eyes and blithely skip this item. That’s not to say it doesn’t apply to them, just that not many home users want to go heavy and official with their family. This article covers the dreaded topic of security policy.

What is a security policy?

A security policy is a statement (usually written) of what users of your systems can and cannot do. It also usually covers the penalties for violations of the policy. (Now you see why not many home network owners implement a security policy!)

A comprehensive security policy states the obvious, as well as the obscure:

  • If you don’t want your staff to use work computers to surf the web for private purposes, say so. Also say what will happen if they are caught doing it. And tell them why (misuse of business resources, wasted time, traffic costs, impact on other business processes, danger of virus/Trojan infections… the list is (almost) endless).
  • If you don’t allow users to take their laptops home, tell them so.
  • One often overlooked threat is users taking company laptops home quite legitimately and then connecting them to unsecured home networks. Make sure they understand that the company’s security policy applies ALL THE TIME, even when they are at home or on vacation in the Seychelles.

Make sure the policy is consistent and clearly written. Consistency is especially important in whom it applies to. If some part of the policy does not apply to the boss’s son or to the IT director, state that explicitly in the policy and explain why. Otherwise users will fall back on the excuse “Well, he did it, so why shouldn’t I?”

Of course, if the policy is too long or too broad, no one will read it, so use all the advertiser’s tricks to drive home the point: login banners, browser pages where you have to click ‘read and understood’ to continue, training and question-and-answer sessions, announcements on bulletin boards, regular monitoring, and well-publicized sanctions ranging from verbal and written reprimands to dismissal for very serious or repeated violations.

And once again, make sure EVERYONE knows what it says and to whom it applies. An important issue that is often overlooked is that senior staff need to be more careful in applying it than junior staff, not less. After all, a CFO’s laptop is more likely to contain potentially company-destroying information than a salesperson’s PDA.

Why bother having a security policy?

Your security policy is a bit like an insurance policy. No insurance policy ever directly stopped an accident or prevented a disaster, but such documents:

  • Inform users of what they can and cannot do and still stay within the rules – they ignore the policy at their own risk!
  • Tell users that you are aware of what they are doing and what action you will take if they break the rules.
  • Give you ammunition if any action is required.
  • Give your IT designer and support staff a baseline for implementing your security architecture.
  • And, possibly most importantly, prevent any offender from saying “I didn’t know…” or “You never told me…”

Creating a security policy is always a two-way process: very often a user, designer or IT support person will come to you and ask “But what about…?”, and the policy has to be updated to answer them.

Remember: no security policy is ever really finished. The goalposts move as new facilities, services and threats appear. Your IT team should review your security policy quarterly, and the IT management team or the Board should review it annually.
