Tip of the Week: Implement Periodic Policy Review
One big problem that businesses face is constant change. Or, I should say, that’s not particularly a problem (change is good, at least usually!), but it’s a challenge. Many, even most, businesses fail to have a security policy in place at all. They don’t have a policy that states what data can reside on what devices, what the security measures must be, and so on. Even those that do have a good policy in place still tend to make two mistakes:
- They assume that the policy is “enough” to keep them secure, forgetting that employees break policies with extreme regularity.
- They do not revisit the policy frequently, or even at all.
The second problem is my focus today. Technology changes by the second. We all know that. Therefore, policies have to be kept current, which means they must be very frequently reviewed to determine if they are still “applicable,” or if they’re obsolete.
Imagine if your business was still focusing its policies on the measures required for handling computer punch cards. Doesn’t that seem a little bit antiquated? By the same token, policies must be updated to cover new forms of technology, new working arrangements for employees, personal devices (smartphones are making this a hot topic), and so forth.
Don’t let the policies sit on the shelf. Review them at least once per year, and preferably more often.

