Assign a password to every PC and device your company owns
Set up PCs so they lock and require a password when an employee walks away from his/her work station
Change passwords at least quarterly
Set up an encrypted system if login and password information needs to be shared—never use regular e-mail
Procure and install anti-virus and malware detection software on each company device
Set up regular monitoring and alerts
Follow reliable sources for news on newly discovered Trojans, spyware, and viruses and how to recognize and avoid them
Update software as soon as bug fixes and patches become available
Encrypt your data during regularly scheduled backups
Store both your on-site and your off-site data in a secure location
Establish policies and insert them in the employee handbook.
Consider:
[/unordered_list]
A PC will lock after 1 minute of idle time and require a password to unlock
Your company only hires the brightest and the best so expect NOT to find passwords anywhere, especially in the desk drawer or box of paper clips, under the keyboard, mouse, or desk chair; on the bulletin board, etc.
Passwords must be updated every 90 days and must include at least 1 number and 1 special character
Sharing of passwords and other encrypted, proprietary, or sensitive information are grounds for immediate dismissal
Every e-mail will have a subject OR it should be treated as spam and be deleted without opening and without clicking any links
The following sites are off-limits on company time and equipment: ___________ (either list specific sites or classes of sites like “those that have nothing to do with your job” or social media, videos, sites ending in certain country codes, etc.)
Good judgment will be expected from all employees—don’t click on links just because you recognize the sender’s name
Hired help from outside of the company needs special permission to have access to login and password information—don’t just trust someone who says they are troubleshooting for Apple, Dell, or Microsoft