Set up security policies – now

Call centre. Sales. IT. R&D. Your employees, in every department, are the most important defense in protecting information about your company and its customers. Information security involves systems and technology (safeguards against malicious interlopers), but it also relies

on clear communication. According to the “Security Worksheet”, an online survey of 458 IT professionals developed with security experts at @Stake Inc., only 28.2 per cent said their organization had a company wide security policy. Only 37.6 per cent label documents in terms of their security status, and 21.8 per cent specify how sensitive company documents should be treated.


1. Put people first.

It may be an old Bill Clinton campaign slogan, but it holds for security policies: You’ve got to get workers on the right page. “Employees are your security,” says Mudge, which is the nom de guerre used by the vice-president of R&D at @Stake in Cambridge, Mass. “They are your potential leaks, but they are also the people you rely on to keep policies in place and to point out possible problems.”

2. Identify core business assets.

A well-defined security policy reflects the company’s core vision and reinforces what matters to the company from a financial and business stance, Mudge says. Assess what is most important to your business. Identify core business assets and what level of security these assets warrant.

3. Develop labeling guidelines.

Once you know what you have and what needs protecting, designate how to treat each information asset. Classifications could include public record (available to all), company confidential/proprietary (accessible to staff) or classified.

4. Specify handling rules.

Consider how company information travels – across your network, data and voice lines, via cellular phones and wireless PDAs. Then specify how information needs to be treated, including how it will be marked (top of document, watermarked paper), transmitted (encrypted, no wireless access), stored (secured servers or locked file cabinets), destroyed (shredded or deleted) and disclosed or released.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now