Step 7 - Create a Security Plan

A computer security plan can help your organisation and employees understand and avoid security risks that occur when using your computers. It is a document that covers the rules and practices that you want your staff to follow when working with e-mail, browsing the Web, and accessing confidential data stored in your system.

Key point: A security plan helps your organisation reduce security breaches and data loss by helping employees follow through with safe computing practices.

More about security plans

When developing a computer security plan, start by assessing how well your organisation currently complies with established security guidelines and whether you are protecting the information and systems that are most critical. You might appoint a tech-savvy employee or group of employees to take charge of the project. Or you might consider hiring a computer security consultant to investigate your security status and report back on where you need to improve.

The focus of security planning will vary from business to business. For instance, security planning for a quiet company with a large amount of confidential data may differ from that for a company that has a lot of visitors and wants to prevent theft of, or tampering with, its PCs. When creating your security plan, identify and work on securing the IT assets that impact your business the most. Also make sure you create rational policies and that you can clearly explain to employees the reasons for those policies. And be clear in the plan about what happens to those who don't comply with it.

What to include in your plan

Despite some variation in security priorities, most plans will address the following:

How to protect against intruders
This section of the plan describes the security technologies that you want installed on the desktops, laptops and servers in your workplace. It should discuss:

How you will manage security updates to software you have installed.

How you will deploy firewall protection.

How you will install antivirus and antispyware programs and how you will keep them up to date.

How you will physically protect computers and servers from theft and tampering.

Security best practices
This section of your security plan focuses on security practices you want to adopt within your business. Here you might state your policy on:

How to create and when to change passwords

Backing up files

How to handle suspicious e-mail attachments

Using encryption

Downloading programs to computers

Creating user permissions

How to implement the plan
It is important to prioritise and assign any tasks you generate in your plan. If having up-to-date antivirus software installed on all your computers is part of your plan, then enlist a staff person or contractor to check all your computers and install or update the software. Include a timeline and completion date for performing all tasks.

When to update the plan
Try to schedule an annual review of your security plan. Your security needs may change, and new security technologies may be available to meet your current needs. If needed, assign someone to take on the project of updating the plan.


Tell Me More

Have your plan focus on the most probable security risks and problems. Consider, for instance, that it is more probable that an employee will have the bad habit of keeping his or her password on a piece of note paper than that he or she will try to sabotage your network. By focusing on the probable, your security plan will be more effective and you can keep security costs down.