Writing Your Way to Security

Taking a “policy and procedure” approach is another way organizations can improve security.
Many organizations have employees sign a copy of the “terms of use” policy when they initially receive the devices and whenever devices are updated. Policies can address, among other things, password management, specifically outlining how passwords are set, changed and shared.
From a procedural angle, only users with “admin” status can be allowed to install software and updates. This procedural restriction prevents standard users from adding unauthorized applications, which may or may not be secure, to their computers. Some organizations also require that users lock their computers each time they walk away from the devices.
To prevent unauthorized access, procedures can dictate that inactive users are quickly removed from all systems, including mail and file servers. Additionally, a tight process needs to outline what happens when a computer is retired, sold or given away – spelling out what steps will be taken to ensure that all confidential information has been removed before the device leaves the premises.