Every company, including yours, has digital assets. A digital asset is digitally stored content or an online account owned by an individual or company. Digital content includes individual files such as images, photos, videos and text files. It is in your best interest to define what those assets are for your company and create a network security policy to protect them.
Even if you don’t have an internal IT department, consult with your outsourced IT management company to help you develop your security policy. Trust us when we tell you that someone somewhere wants what you have. In other words, if it has value to you, it’s valuable to someone else – even something as common as your company logo or contact list. You need to prevent others from stealing your digital assets, and that means having a network security policy in place.
What is a Network Security Policy?
Generally, the Network Security Policy (NSP) is a document or set of documents that explain the accepted use of, protection of and consequences for abusing the information technology assets at your organization. This set of evolving documents should be visited periodically and updated per technology changes and employee requirements. Sub-topics in this top-level policy might include acceptable use policy, computer use policy, internal access policy, external access policy, mobile device policy, etc.
Do I Really Need a NSP?
Even a small company should have guidelines of expectations for the network and resources. Those expectations are from the managers, employees and vendors. They may not all have the same guidelines, but they should all be defined for what is and what is not acceptable. What should be protected and how. It should define the consequences for ignoring the guidelines, and what to do in case of a data breach.
It is a matter of awareness, education and security for everyone involved with handling your digital assets. Should a breach occur, your NSP serves as a ready-made procedure to follow and prevents users from claiming, “I didn’t know.”
Okay, I’m Convinced My Company Needs a NSP. What Now?
There are many guides online that can give you a good place to start. Determining what kind(s) of policies you might need is the first step. Generally the Acceptable, or Appropriate Use Policy (AUP), a document outlining rules and practices to be followed for access to a network, is a good cornerstone. This helps spell out what the users of your network can and shouldn’t do with network resources. It should be as explicit as possible to prevent misinterpreted guidelines.
How is a NSP Enforced?
As part of the guidelines, determining the appropriate level of disciplinary action against abusers is vital to the policy. It should be spelled out and enforced when abuse happens. After all, this is your company’s data and infrastructure we are talking about. Would your business survive if your digital assets were breached and misused? It’s a serious offense and should be enforced as such.
To learn more about the importance of NSP’s and how they’re established and enforced, check out the following resources:
Network Security Concepts and Policies – ciscopress.com
How to develop a Network Security Policy – windowsecurity.com