Does Your Company’s Security Policy Address These Seven Points?
Data breaches and ransomware attacks have become more prevalent than ever, with almost 7 billion records breached in the past two years. Many cybersecurity issues still involve basic, fundamental security missteps, which directly or indirectly lead to these incidents. These attacks can be reduced by establishing clear security guidelines and providing training for your employees. Implementing these key components in your security and disaster recovery plans will help your organization’s network combat attacks.
Here are some points to address as part of your company security policy:
Emphasize the Importance of Security
It’s important to instill the idea that security is everyone’s responsibility. Employees should be told why cybersecurity is important, and the potential risks should be explained in detail. If data is lost or stolen, it will most likely negatively affect the individuals involved, as well as severely jeopardize the company. If the company systems are infected with malware, this could hamper the efficiency of the organization.
Ask employees to take an active role in security by reporting suspicious activity to their IT administrator. If employees become aware of an error, even after it has happened, reporting it to IT means something can still be done to minimize the damage. Cybersecurity is a matter that concerns everyone in the organization, and each employee needs to take an active role in contributing to the company’s security.
Secure Computers and Devices
When employees leave their desks, they should lock their screens or log out to prevent any unauthorized access. Laptops and cellphones should also be physically locked when not in use.
Advise employees that stolen devices can be an entry point for attackers to gain access to confidential data and that employees must immediately report lost or stolen devices. In many cases your IT department will be able to remotely wipe a lost device in order to protect data on the device.
When using portable devices such as mobile phones and laptops, passwords must be set to limit access. This includes any personal devices that employees may utilize for work under a bring your own device (BYOD) policy.
Teach Effective Password Management
Passwords can make or break a company’s cybersecurity system. Include guidelines on password requirements. “Safe” passwords should be 9 characters or more and include an upper-case letter, lower-case letter, number, and symbol. Be sure to educate employees about how to store their passwords, how to share passwords (when that is needed), and how often to update passwords. Warn employees not to use the same password for multiple programs or sites.
Keep Systems and Programs Updated
Stress the importance of consistently updating operating systems, antivirus software, web browsers, and other programs. Encourage employees to set up alerts for new software updates or turn on automatic updating. Explain that these updates help keep your network safer and often fix security vulnerabilities.
The recent Meltdown and Spectre flaws are great examples of why updates are important. Patches for these flaws have been pushed out via updates, and anyone who has not updated is at risk.
Protect Sensitive Information
Attackers are often looking for confidential data such as credit card numbers, customer names, email addresses, and social security numbers. When sending this information outside of the organization, it is important to take appropriate safety measures. Sensitive files should be sent through a secure system that uses encryption, not simply emailed.
Be Wary of Phishing and Whaling
Describe the different kinds of phishing emails and scams that employees can be presented with and how to spot them. Employees should never open attachments or links from suspicious senders. If an employee is unsure about the safety of an email, they should contact their IT administrator. Scams can also be executed over the phone, so warn employees about people calling and asking for confidential company information.
Employees should be wary of any email that looks out of the ordinary, even if it looks like an internal email sent by another employee. One common way that companies have been targeted is through what’s referred to as ‘whaling’. Whaling is when someone sends an email that appears to be from an employee, often a member of senior management, in order to try to gain access to sensitive information. Again, if a team member sees this type of scam, they should alert their IT administrators right away.
Limit and Enforce Access
The more exposure your data has, the more at risk it is. Your IT administrators should work with management to put rules in place that allow users limited access that is pertinent to their role. Enforcing a system of checks and balances is part of a foundation for good security.
ImagIT Solutions is a network engineering company that provides comprehensive IT services for channel partners, managed service providers and enterprise businesses with multiple locations. ImagIT was founded with the goal of providing comprehensive IT services for multi-site organizations. Built on providing exceptional customer service with the most trusted technicians in the field, we continue to grow with our clients and expand internationally. Our team of 400 expert engineers and full PMO are ready to take on any type of networking engagement! Whether it’s proactive support, an emergency call, long-term projects or ongoing break-fix services, ImagIT will deliver a solution that is customized to best fit your organization.