As new threats arise, it is imperative to keep policies up to date to protect your business. Your employee handbook needs to include a multi-tiered IT employee data security plan made up of policies for which all staff, including executives, management and even the IT department are held accountable. Acceptable Use Policy - Specifically indicate what is permitted versus what is prohibited to protect the corporate systems from unnecessary exposure to employee data risk. Include resources such as internal and external e-mail use, social media, web browsing (including acceptable browsers and websites), computer systems, and downloads (whether from an online source or flash drive). This policy should be acknowledged by every employee with a signature to employee data signify they understand the expectations set forth in the policy. Confidential Data Policy - Identifies examples employee data of data your business considers confidential and how the information should be handled. This information is often the type of files which should be regularly backed up and are the target for many cyber criminal activities. E-mail Policy - E-mail can be a convenient method for conveying information employee data however the written record of communication also is a source of liability should it enter the wrong hands. Having an e-mail policy creates a consistent guidelines for all sent and employee data received e-mails and integrations which may be used to access the company network. BOD/Telecommuting Policy - The Bring Your employee data Own Device (BOD) policy covers mobile devices as well as network access used to connect to company data remotely. While virtualization can be a great idea for many businesses, it is crucial for staff to understand the risks smart phones and unsecured WiFi present. Wireless Network and Guest Access Policy - Any access to the network not made directly by your IT team should follow strict guidelines employee data to control known risks. When guests visit your business, you may want to constrict their access to outbound internet use only for example and add other security measures to anyone accessing employee data the company's network tirelessly.