What internal security policy should be applied in SMEs?

Some companies may establish very restrictive IT security policies. Already in force in large groups, these rules are now arriving in small businesses. This is shown by a few examples from across the Atlantic, which reveal a highly regulated use of IT tools. Here, in an SME of less than 50 people in the industrial sector, the management enjoins its employees not to use passwords or access a file without authorization. She also asks them not to search for archived communication notes without permission.

Certain rules also apply to the behavior to be followed internally to ensure that decorum in the company and good relations between employees are preserved. It is therefore requested not to use computers and messaging tools in a way that could be offensive to others or unethical. In this very cautious company, the management leaves nothing to chance. House rules require that you do not post, upload, or email any sexually explicit images, messages, or cartoons. Tasteless jokes, ethnic put-downs, or anything that another person might consider disrespectful is also prohibited. All things common sense but apparently in this business are better said.

No question either of using messaging for commitments outside the company. Employees with political or religious activities are requested not to send e-mails from their office, nor any other e-mail not strictly related to their work since it is for this only use that the licenses and computers were purchased.

And, it goes without saying, it is absolutely forbidden to illegally duplicate software and its documentation. And if by chance, a colleague ventures to do so, it is requested to notify a manager or the HRD. Employees who violate these instructions will be subject to disciplinary action up to and including dismissal.