Advances in technology mean that a cybersecurity policy is as important as a physical security policy. Companies are now more vulnerable to attacks on their computers than they are on their premises.
Cybersecurity is the responsibility of every employee who has or accesses a computer that belongs to the company. Standardized rules are essential so that everyone knows what is expected of them. Mediation of such a policy is vital so that employees understand the contents of the policy and the implications of violating it.
Here are some critical features of a sound cybersecurity policy:
1. Data confidentiality
The necessity of protecting company data is self-explanatory but should nevertheless be included in the cybersecurity policy. Employees should be instructed to preserve data integrity and avoid security breaches.
Confidential data includes, but is not limited to:
- Customer lists
- Production processes and applied technologies, formulas, and patents
- Unpublished financial statements or information
- Information about customers, service providers, stakeholders, and partners
- The nature of additional confidential data will depend on the individual organization and the sector in which it operates.
2. Protection of devices
Both company and personal devices such as computers, tablets, and phones must be secure. Employees often use their personal devices for work purposes, and this is the most convenient point of access for hackers.
Guidelines for the protection of devices:
- Employees should make sure all devices are protected by up to date antivirus software. The software should not be allowed to expire.
- Each device must have a password that should be changed regularly.
- Accessing the company system through a network other than the organization’s exposes the data to risk. All devices should have a virtual private network (VPN) installed on them. Consult the Nord VPN Review to get an idea of what a VPN should do.
3. Email scams
When employees access their email accounts, they should do so with caution. Email scams are easy to set up and expose the company system to malware such as worms.
Email security guidelines:
- Avoid opening attachments on emails from unknown sources.
- Links that point to videos should be approached with caution, especially when the content of the video is not clear. This type of clickbait can be hiding malware that enters the computer as soon as it’s accessed.
- Be aware of spoofing, which is the practice of disguising communication from an unknown source by making it look like it’s from a known source. Look out for inconsistencies in the grammar, language, or punctuation in the email.
4. Password management
One of the weakest links in many organizations is the failure of employees to take the issue of passwords seriously. Simple passwords are easy to hack and will lead to a data security breach.
Guidelines for password management:
- A password should consist of at least eight characters. Alphanumeric characters and symbols should be combined.
- Avoid obvious passwords like birth dates, names of pets or children, and using the same password but altering only one character.
- Change the password as soon as a device has been breached or stolen.
5. Reporting
Employees need to know where to report problems with cybersecurity. A good policy lays out the procedure when:
- A device is lost or stolen
- Equipment is damaged
- A suspected breach has occurred
- There is credible evidence that a breach is imminent
- The employee detects a weakness in the company’s system
- The employee is aware of a co-worker who flouts the policy mandates
Proactive behavior on the part of employees can help the IT department protect the company’s computer system.