Taking a “policy and procedure” approach is another way organizations can improve security.
From a procedural angle, only users with “admin” status can be allowed to install software and updates. This procedural restriction prevents standard users from adding unauthorized applications, which may or may not be secure, to their computers. Some organizations also require that users lock their computers each time they walk away from the devices.
To prevent unauthorized access, procedures can dictate that inactive users are quickly removed from all systems, including mail and file servers. Additionally, a tight process needs to outline what happens when a computer is retired, sold or given away – spelling out what steps will be taken to ensure that all confidential information has been removed before the device leaves the premises.