Cybersecurity: Company Security Policy
Depending on the type of business, employees can have daily access to sensitive information on customers, vendors, partners, or other employees. It’s a good idea to have a company security policy that is spelled out so there is no confusion about what is considered appropriate. The Roanoke SBDC has developed a sample template that you can copy, paste, and customize for your employee handbook.
Company Security Policy Template, for use in employee handbook
At {company}, it is important that we protect personal financial, health, and other data of customers, vendors, and employees. In order to do this, we require that employees:
Not share personal information about customers, vendors, or other employees.
Comply with the company’s password and data security policies, including creating passwords that are:
At least 10 characters long.
A combination of uppercase letters, lowercase letters, numbers, and special characters. Ideally, the letters will not spell an actual word, though you can substitute a number for a letter, or make the capitalization random if that makes it easier to remember, such as: RoAn8Ke instead of “Roanoke.”
Unique to your company system, i.e. not the same as a personal password you use.
Not written down near your computer or device.
Check with management before connecting their own device (smartphone, tablet, laptop, etc.) to the company WiFi network.
Not share the WiFi network password with anyone, unless pointing a customer to the publicly available network.
Complete all cyber awareness training in a timely manner (your manager will tell you more about this depending on your role at the company).