
Strengthening your cybersecurity policies

Formulating strong IT policies and laying down the best practices for your staff to follow is one of the best ways to prevent your business from becoming a victim of cybercrime. In this blog, we explore the various areas your IT policy should ideally cover.

Passwords: Your IT policy should cover
  1. Rules regarding password setting
  2. Password best practices
  3. The implications of password sharing
  4. Corrective actions that will be taken in the event the password policy is not followed
Personal devices
  1. Rules regarding the usage of personal devices at work or for work purposes. Answer questions like:
    1. Are all employees allowed to use personal devices for work, or do you want to limit it to those handling less sensitive data, or to those higher in the corporate hierarchy, as you assume they will need to be available 24/7? Regardless, you should spell out the regulations that they must follow, for example, requiring a weekly or monthly check for malware and updates to anti-malware software. If only certain kinds of devices, software or operating systems may be approved because they are presumed to be more secure, then that should be addressed in the policy.

  2. Discuss best practices and educate your employees on the risks related to connecting to open internet connections (Free WiFi) such as the ones offered at malls or airports.
Cybersecurity measures
  1. Document the cybersecurity measures that you have in place for your business. This should include your digital measures, such as the software you have deployed to keep malware out (anti-virus tools, firewalls, etc.), and also the physical measures such as CCTV systems, biometric access controls, etc.
  2. Another example of a good practice is how you handle employee turnover. When someone quits your organization or has changed positions, how is the access issue addressed? Spell out the rules and regulations regarding the removal of a user from the network, changing passwords, limiting access, etc.
