5 Things Your Data Security Policy Must Include

Posted December 3, 2019

A few days ago, Google let go of several employees who were engaged in alleged data security violations, including “systematic searches for other employees’ materials and work.” While the whole story hasn’t emerged yet, it goes to show that even one of the most powerful tech-based companies in the world isn’t impervious to hacking, data theft, and security threats. That’s why every employee who has access to your network must be taught, reminded of, and held accountable to a thorough data security policy

With more and more small businesses becoming the preferred target for ransomware, and the cost rising exponentially with every instance, a gap in your security policy armor could easily spell disaster for your company.

In more than a quarter of cases wherein a business is exposed to a data breach, human error on the part of an employee was the root cause. Keeping your workers well-informed can prevent those careless accidents from happening and protect your assets.

When creating a security policy, there are going to be nuances specific to your company. But, there are 5 key pieces that every business should incorporate:

Strong Passwords

A good rule of thumb is that a password should be more than 12 characters, use a mix of characters, and only be used for one account. That means that every password you use across the web should be unique, as access to one immediately grants access to any other account that has the same password.

In your data security policy, you should also dictate that passwords are changed frequently. Typically, you can keep a password for up to 90 days before it needs to be switched.

Standard Email Practices

In many cases, phishing scams and malware downloads originate in your employee’s inbox. One misclicked link could cause a whole mess of trouble in a matter of just a few hours. You should also have a set of rules dictating what can and cannot be sent through email, specifically confidential company data. Email usage should be closely monitored, and all employees should receive training in identifying common scam signs.

Limit BYOD

The Bring-Your-Own-Device phenomenon makes remote work and after-hours productivity easier than ever before, but it also opens the door for security blind spots. Businesses that require employees to access company email, calendars, or mobile applications outside of work should provide a device for employees, as this is the easiest way to regulate what can be downloaded or uploaded.

Make Data Privacy a Priority

Your company should have a clear policy explaining how, when, and why customer data should be shared. Explain to your employees that everytime a client signs up for services or shares information with you, it becomes the company’s responsibility to protect it at all costs. Improper handling could lead to litigation, fines, or worse.

Spring for Trainings

If they’re available in your area, ask that your employees attend annual mandatory security training. Not only will that help keep them accountable for their data usage and network access, it will also keep them up-to-date on the best methods to keep themselves and the company safe. Your IT personnel can also fill this role, if they were to attend professional development opportunities and then shared them with the rest of the building.

Kyle Vinar

Kyle Vinar is Partner / President of Verus Corporation. He oversees all business operations and coaches Verus teams to continually improve on their solutions from client experience to product development and overall solution implementation. He works with all Verus resources to increase efficiencies and excellence in every aspect of their organizational roles. Kyle believes that people are the last real competitive edge that a company can have and constructing a rich culture is a vital step in running a world-class organization. Therefore he strives to create a culture within Verus that allows everyone to show up authentically and grow both personally and professionally, which in turn allows Verus Corp team members to provide clients with top-of-the-line service. Kyle helps balance strategy, capacity, and culture in such a way that has allowed Verus Corp to achieve exponential growth since he joined the company in 2013. One of Kyle’s greatest professional achievements has been in helping lay the foundation upon which Verus Corporation could be named the 2nd Best Place to Work by the Minneapolis/St. Paul Business Journal. Kyle holds a Bachelor of Science in Marketing from St. Cloud State University. He lives in Champlin with his wife and 3 children. He has enjoyed volunteering as a soccer coach for over 6 years and was the former Director of Coaching for Rebels Soccer Club. If Kyle isn’t on the sidelines of one of his children’s soccer games or in the audience of his eldest’s musicals, he can often be found cruising scenic routes on his Harley, in a deer stand, or on the golf course.