
How to Develop a Network Security Policy

During these strange times, confusion seems to be reigning supreme. Network security is particularly confusing when employees are working from home, as is the question of what exactly should be done to protect your business. Even the most conscientious employees can make mistakes concerning network security, simply because they don’t know what they should be doing or what the expectations actually are.

This is particularly true in small to medium-sized businesses, where policies range from extremely informal to formal in how detailed they are and how well they are adapted to the present situation. So it has become more important than ever that companies put rules in place to help employees do their part in safeguarding the business.

Whether you have office rules or a whole employee handbook, a Network Security Policy needs to be created or updated in response to the new normal. You will need to include sections on:

  • Remote Access – This policy sets the rules for employees accessing the network from outside the office. For example, whether access should only be over the VPN, over a secure, private-access router or mobile hotspot, no public Wi-Fi, etc.
  • Password Management – Strong passwords are a must for security. These policy rules describe what is meant by a “strong” password and what is considered acceptable. This policy should also state which password management tools are acceptable and how often passwords must be changed.
  • BYOD – Even if you provide digital devices such as a laptop or smartphone for your employees, you need to set the rules for using these devices for personal purposes and, vice versa, for using personal devices for business purposes. Even if you already have a BYOD policy, it should be updated to include rules regarding new and stronger security measures.
  • Acceptable Use – There is always a concern about employees doing non-work-related activities, particularly on company devices and during office hours. Most companies recognize that an employee quickly checking their personal emails or glancing at their Facebook page during breaks is something they can live with. However, you need to specifically outline the rules regarding when they can do so and for how long, and draw the line at activities that could harm the company, such as gambling, inappropriate websites, installing questionable apps, etc.
  • Usage Guidelines – Depending on your business, your network security policies should also include, if they do not already, rules regarding which web browsers employees can use, not using a company email address for personal activities (even online shopping or banking), file sharing with individuals outside of your business, and backup procedures such as not backing up to a USB drive, among other matters specific to your business and operations.
  • Policy Enforcement – Your Network Security Policy should outline how you will be enforcing the policy, such as by implementing certain technologies, for example ones that can track employees’ location and computer usage. The policy should also include the frequency of security checks. Typically, policy enforcement sections include such language as: “disciplinary action up to” and “including termination of employment.”

A Network Security Policy cannot be created in a vacuum. To be beneficial and effective, you need to contract with a managed IT services provider, specifically one who has experience and expertise in network security policies: what type of information to include, who needs to review the policy, and how to maintain it.

At Midnight Blue, we provide all of these managed IT services and more. In addition to advising you on policies and procedures, our expert team can also implement technologies and methods to enforce policy, create Incident Response Plans, and support your employees through remote access and security applications. Contact us to learn more.