The Art of Security Policies

Have you ever noticed how security policies tend to be long and complex? These policies are typically required reading by new employees, but many of them just sign it without reading because it is so long. Then, after some time passes, they may break the rules that they don’t even know exist, because they never read the policy. I have read many of these policies over the past few decades and have seen a variety if good and bad things included as measures to protect the network. But I tend to think they would be much more effective if we used a one-page standard to define unauthorized user activity. I’m pretty sure we could hit all the major topics in bullet format on one page and leave enough room for a signature. In this case, the employee would probably actually take the time to read the policy and have a good understanding of what is not allowed. OK, so practically, what could that look like? Here’s a short example of some unauthorized activities:

  • Visiting websites or subscribing company email accounts to services that include content that is pornographic, sexually explicit, hacking related, violent,
  • Using any medium or technology to copy or attempt to copy company data off the network without express written permission

These two bullets cover 90% of what most policies prohibit and only take up 4 lines. Do you really need a policy that is several pages long? Probably not. I suggest you take a look at your current security policy and find a way to streamline it into something much smaller so your employees will be better informed. You may even find that you have less infractions to deal with as well! As always, we are standing by to assist you in providing you the strategic advice you need to implement this, or other, security technologies. Sign up below for access to our free video about saving time, money, and resources in cyber security and to schedule a free cyber security consultation with a proven expert in the field.