A matter of policy
A sound Information Security policy is a vital first step in reducing the risk of unauthorised access to your systems and data.
Staff need to know what they can and can’t do and the consequences of over-stepping the mark. They therefore need clear guidelines on such things as passwords, internet access, e-mail, and use of the organisation’s computing facilities for personal use. And it’s a good idea to include clauses in employment contracts stating that e-mail, internet access, etc will be monitored and action taken against people who abuse their privileges.
Clearly defining the boundaries of what constitutes acceptable behaviour, and what doesn’t, also gives you more chance of successfully taking action should an security breach occur.
So if you haven’t already published an Information Security policy, why not make a start on it today?