7 Must-Have Security Policies for Your Business

This article was updated as of August 26, 2022. 

For many organizations, the past year has been filled to the brim with change. Along with the shift toward work from home, companies are now faced with matching new productivity tools with corresponding security measures. 

With so many regulatory requirements for cybersecurity, we know it can be tough to keep track. We’ve outlined the top seven minimum security policies for your business. 

1. All employees must participate in annual security awareness training. 
2. Implement Multifactor Authentication (MFA) for Microsoft and all other business applications where available. 
3. For all credentials that do not require MFA, a strong password policy should be implemented, with a minimum of 14-15 characters, and require complexity where available. 
4. All laptops must be encrypted using Bitlocker or a similar method. 
5. All servers must have a backup mechanism in place. 
6. All computers must be protected with antivirus/anti-malware capabilities. 
7. Security policies should be documented and well-organized.  

Prioritizing these seven best practices, organizations can effectively create a more secure environment, decreasing the likelihood of compromised sensitive or otherwise valuable operational or client data. 

Well-designed and –executed security will improve the employee experience, improve the integrity of company data, and mitigate your risk of data loss. If you have questions or concerns about your organization’s security posture, fill out the form below to contact the expert, Kathel Kelton, CISSP.