Here's two elements of a security policy:
- Passwords. Every computer must have a good password, and even though you hate to do it, passwords must be changed regularly. If your computer can be accessed by anyone, from intruders to unauthorized staff, then you risk losing your trade secrets, client lists, personal data about clients and staff, and even financial data including accounts and passwords.
- Phones: Company phones should have a password/PIN to unlock, and remote wiping capability. Company phones might contain information useful to competitors as well as personal information of clients and staff.
- The above would apply to personal computers and phones used for work or which may have and such data on them. For example, do you log into work email on your home computer?
