A large number of Infrastructure Security Audits show that most security breaches are preventable, which is why companies need not just to develop, but also to enforce, a corporate security policy.
What is a corporate security policy?
A corporate security policy states how a company plans to protect its physical and IT assets. Having one isn’t enough – enforcing one protects a company’s employees, assets, information, integrity and reputation from potential threats, both known and unknown.
Most companies have something resembling a security policy, but it may not be updated regularly. A more likely scenario is that nobody outside the IT department, senior management and external auditors knows of its existence. ISO 27001 requires compliant companies, like Trilogy, to enforce corporate security policies and procedures.
Having a corporate security policy is of no use unless all your employees are aware of and abide by its contents. To ensure this happens, businesses can use some of these tips.
Tips to help enforce your corporate security policy
- Distribute the security policy to all staff and capture each employee's signature to confirm compliance.
- Do the same for each new hire.
- Incorporate disciplinary procedures for continued non-compliance and BYOD (Bring your own device) policies. Here’s an article on 5 BYOD security implications and how to overcome them, which should help.
- Circulate corporate security policy updates as soon as new versions are available, highlighting changes from the previous version.
- Carry out regular mandatory training sessions to educate employees, particularly when new updates are available.
- Encourage feedback, questions and suggestions on current security policies.
- Monitor activity to ensure compliance.
You may also wish to use graphics, perhaps in the form of screensavers, start-up screens or even posters, to encourage enforcement.
And most importantly, explain WHY adhering to the policy is important. If people know and understand why, it’s much easier to get them to follow procedures and then they become part of the security solution. Here’s a recent blog on promoting a security culture in your business.