Setting Goals
To enforce safe Internet, e-mail, and desktop operation as part of your every day personnel practices, your goal should be to incorporate cyber security practices into your documented processes and regularly review to ensure that your policies are up to date. When you are thinking of procedures consider:

• How do you and your employees use the Internet?
• Email practices: what to do when receiving email from someone you do not know; what to do when you receive an attachment.
• How to safeguard a password for your desktop computer.

IT security procedures are recommended for:

• All employees, who use computers in their work
• Help Desk/system administrators
• System maintenance
• IT Out-Sourcing: criteria for dealing with vendors and contractors
• IT Applications: criteria for purchasing software

Applying Policies to Your Company
Start with your organization’s Security Policy and Mission statement for developing cyber security procedures to be used in various aspects of your business.  Describe in detail, how the policies will be implemented.  Look at the who, when, where, why, how of your procedures.

There are key types of cyber security policies to consider adding to your documentation.  These best practices include:

• IT security policies
• System administration guidelines
• Windows NT/2000/XP/2003 security guidelines (Desktop Security Guidelines)
• Data server guidelines
• Network security policy
• E-mail security
• Malicious Software guidelines
• Appropriate use of the Internet
• System administration guidelines
• Web-hosting and/or E-Commerce guidelines
• Telephone or help desk/call center inquiries
• Password policies

Consider conferring with a technical expert on how to apply these suggestions to your company policies.