{"id":369,"date":"2016-08-02T19:26:55","date_gmt":"2016-08-02T23:26:55","guid":{"rendered":"https:\/\/blissbook.com\/blog\/?p=369"},"modified":"2016-08-02T19:31:18","modified_gmt":"2016-08-02T23:31:18","slug":"creating-an-information-and-data-security-policy","status":"publish","type":"post","link":"https:\/\/blissbook.com\/blog\/creating-an-information-and-data-security-policy\/","title":{"rendered":"Creating an Information and Data Security Policy"},"content":{"rendered":"

The importance of safeguarding your company\u2019s and your company\u2019s customers\u2019 data is obvious. Since I wrote about data breaches a year ago in regards to how to place a security freeze to prevent identity theft<\/a>, the list of prominent organizations who\u2019ve suffered from data breaches is long. Disney<\/a>, Hillary Clinton\u2019s campaign<\/a>, the Democratic National Committee<\/a>, the University of Connecticut<\/a>, hotel<\/a>(s<\/a>)… the list goes on \u2013 and that\u2019s just in the last 45 days!<\/p>\n

Your company can reduce the risk of a data breach by having strong data safeguards in place. A great way to disseminate these data safeguards with an Information and Data Security Policy in your employee handbook<\/a>. This article covers an overview of all the different information that you may want to include in your data security policy.<\/p>\n

<\/p>\n

Passwords<\/h2>\n

Most data breaches do not happen as depicted in the movies<\/a>. They typically start with access to one person\u2019s account via social engineering<\/a> and spread from there. That\u2019s why it\u2019s important that every employee puts in the effort to keep their accounts secure.<\/p>\n

Your IT staff should decide how passwords are created, stored, shared, and communicated. Many companies use services like 1Password<\/a>, Dashlane<\/a>, or LastPass<\/a> to accomplish these tasks. If you do use those services, make sure employees know how to set them up and use them.<\/p>\n

Other Secret Information<\/h2>\n

Provide guidance on how employees can securely communicate sensitive information, such as credit card numbers, social security numbers, license keys, and so on. This information should never be written down on paper that can be misplaced or stolen, and it should not be recorded in any software that stores it forever (like email).<\/p>\n

IT Infrastructure<\/h2>\n

There are many things to consider for how to handle security for your IT infrastructure. Your IT staff will likely have a list of things to communicate. In general, here\u2019s what should be covered.<\/p>\n

General Info<\/h4>\n

How to use IT infrastructure. You probably want to mention things like:<\/p>\n