One of the biggest technology issues facing businesses today is information assurance, including protection from hackers, competitors, disgruntled employees or customers, and even ex-employees. With the abundance of emerging technologies addressing intrusion detection, including firewalls and monitoring systems, it may seem daunting to small businesses to consolidate this mass of information into something useful.
Technology, however, is not the sole factor in establishing a core information security program in your organization. A cost-effective foundation begins with management sponsorship, the education of employees and the implementation of practical policies.
First, your employees should sign an acknowledgement that the company retains all rights to such works. Additionally, each employee should acknowledge that they will protect the intellectual property and trade secrets of the company and that if they leave the company, they will return the company's property.
Second, your employee handbook should address restrictions on employees' use of keys and other electronic means of access to the building, or to specific rooms or areas of the building. For instance, "hitchhiking"--allowing two or more people a pass at a keycard station--should be prohibited.
Also, the policies should include the following:
* All computers, facsimile machines, servers, voice-mail and e-mail systems are the property of the company and are to be used for company-related purposes only.
* Offensive language (or graphics) must be strictly prohibited.
* Employees need to receive notice that their e-mail and work data belong to the company and should not be treated as "private."
* Management must reserve the right to review any electronic media without notice.
* Passwords should not be shared.
* Downloading of software from the Internet, if permitted at all, should require the prior consent of management or designated information technology personnel.
* Alphanumeric passwords, i.e. a combination of letters and numbers, should be encouraged.
Enforcement of these measures is a basic and fundamental component of information security. Once enforcement is established, the technology component can complement these policies. Remember that even the best technological investment can be undermined by poor...