A Look at Business Security Policies

As businesses and corporations grow larger, written policies are becoming more and more essential in maintaining security. There are endless ways to go about creating effective written policies, but the most successful have always been collaborative in nature. By having written policies that not only work well with each other but also display a level of synergy, businesses can create an entire security culture. Every newly hired employee would read and sign these written policies in order to obtain full compliance, and in order to get them to sign, the employee must both understand and agree with each policy. This is accomplished by making smart, intuitive decisions when it comes to your business security.

Social Media

All forms of social media, whether it be Facebook, Twitter, Reddit, or even email, deserve their very own approach when it comes to security. With social media booming in current times, these technologies allow a level of transparency that the business world has never seen before. Sensitive information is easily leaked using these social media platforms, and damage control is nearly impossible. Your business should evaluate whether allowing your employees to use these services is necessary and, if so, establish policies regarding them. Sensitive information should never be posted on any social media platform, and employees leaking information that could in any way, shape or form be deemed damaging to your business image should be condemned. An NDA (non-disclosure agreement) regarding social media should be drafted and signed by all employees.


The internet offers businesses countless resources and is one of the most important technological advances in recent times. Unfortunately, the internet is also a breeding ground for hackers, spammers, and other people with malicious intentions. Your employees can download viruses, malware, spyware, and trojans, all of which can compromise your entire business very quickly. An internet policy should be used to limit what employees can do on the internet. There exist many software suites that accomplish this with minimal effort.

Physical security

Having a streamlined visitor management system is imperative. An unauthorized visitor can be a danger to your business and employees, via physical means or espionage. Draft a policy demanding all visitors be steered into a specific, controlled point of entry. Then, keep documentation about their arrival, where they are going, what they are doing, etc., so you have a leg to stand on if they cause any damage. Another important, often overlooked facet of physical security is key management. People can covertly make copies of keys and distribute them, so it is important that your company has strict policies for maintaining up-to-date lists of who has what keys.


The most important part of any security policy is that it is clear and easy to comply with. Overcomplicated policies only alienate employees, and often result in people feeling they need to bypass the security systems put in place. Create policies for humans, by humans, and employees will respect both your company and the policies.

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not-for-profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisation using the principles of Technology, Management, Adaptability and Compliance.