Blog / A Few Tricks For Good Business Policies
Good business policies are essential for successful business.
Cybersecurity has two main aspects. First are the familiar technical aspects like antimalware, web filtering, firewalls and all the rest. What often gets forgotten about are the non-technical aspects, but things like business policies and management attitudes play pivotal roles when it comes to cybersecurity.
Policies are a pivotal part of any organization’s security posture. Even though policies are a standard that every organization should use, not everyone knows how to make them. There are good and bad ways to write a good business policies, so let’s go over a few tips on how to put them together.
Despite the article image/thumbnail, the most valuable advice I can give is that policies should be short, around one page long. Keeping the scope fairly tight keeps the policy from meandering into unrelated territory, and makes them relatively easy to update. The policies and their details are often easier for employees to remember when they’re succinct and to the point. Policies that are kept short also naturally need fewer changes, as do your policy update records (of who made what change to the policy and when). Remembering a policy on passwords is easier than remembering that the company’s all-encompassing computer policy contains a section on passwords hidden away on page 12.
Now the obvious disadvantage is that it means your organization will have more policies. However, having worked with multiple organizations on this, multiple small policies work substantially better than a single, monolithic policy. All-encompassing policies rarely get updated, partially due to how long it takes and partly due to how difficult it is to update a policy that covers many different things.
It’s easy to find sample policies of various types around the internet, and what you’ll find is that they are almost universally short. Short policies have many advantages over long ones, but it goes without saying that reworking an organization’s policies is not a small thing. Reconfiguring policies so they’re all short could be quite the overhaul, so of course any change of that nature needs support from all levels of management.
This week’s Shakespeare quote comes from the play Julius Caesar, “There is a time in the affairs of men, which, taken at the flood, leads on to fortune.”
If you’d like help refocusing your business policies, contact a TRINUS cybersecurity professional for some stress-free IT.
Be kind,
Courtesy your friendly neighbourhood cyber-man