Bottom line: If you have a data security policy in place, you need to make sure that it’s up to date and contains all of the necessary elements to make it effective. Here are 10 essential items that should be incorporated into all security policies:
1. Manage employee email
Many data breaches occur due to an employee’s misuse of email. These negligent acts can be limited by laying out clear standards related to email and data. For starters, make sure employees do not click on links or open attachments from strangers because this could easily lead to a ransomware attack.
2. Comply with software licenses and copyrights
Some organizations are pretty lax in keeping up with the copyrights and licensing of the software they use, but this is an obligation. Failing to do so could put your company at risk.
3. Address security best practices
You should be addressing the security awareness of your staff by ensuring that they are aware of security best practices for security training, testing and awareness.
4. Alert employees to the risk of using social media
All of your staff should be aware of the risks associated with social media, and consider a social media policy for your company. For example, divulging the wrong information on a social media site could lead to a data breach. Social media policy should be created in line with the security best practices.
5. Manage company-owned devices
Many employees use mobile devices in the workplace, and this opens you up to threats. You must have a formal policy in place to ensure mobile devices are used correctly. Requiring all staff to be responsible with their devices and to password protect their devices should be the minimum requirements.
6. Use password management policies
You also want to make sure that your staff is following a password policy. Passwords should be complex, never shared and changed often.
7. Have an approval process in place for employee-owned devices
With more employees than ever before using personal mobile devices for work, it is imperative that you put policies in place to protect your company’s data. Consider putting a policy in place which mandating an approval process for anyone who wants to use a mobile device at work.
8. Report all security incidents
Any time there is an incident, such as malware found on the network, a report should be made and the event should be investigated immediately by the IT team.
9. Track employee Internet use
Most staff members will use the Internet at work without much thought, but this could be dangerous. Try to establish some limits for employee Internet use for both safety and productivity.
Consultant Robert Siciliano is an expert in personal privacy, security and identity theft prevention. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- How to Digitally Secure The Remote Teleworker
If you employ remote workers, your IT staff has a unique challenge keeping your organization safe. Fortunately, using a combination of best practices for cybersecurity, user awareness campaigns, and a strong policy will help to keep data safe. New advances in mobile technology and networking have given remote workforces a boost, and while policies for most
- “BYOD”? Mobile Security Tips for Small Businesses
Many employees have come to expect that they should be able to use personal smartphones and other mobile devices at the office. This creates problems for IT managers. A company’s IT staff may have a solid grasp on company-issued laptops, desktops, and even mobile phones, but it is almost impossible to control the results when
- Mobile Device Security in a BYOD World
In the real world there is little difference between an employer’s issued device and a personal mobile device. The most important difference should be that a digital device issued by your employer requires and should have a “company mobile liability policy”. Businesses generally provide and pay for employee mobile devices, and also strictly dictate what
- Study Shows 67% of Employees Expose Sensitive Data Outside the Workplace
IDC, an IT analyst firm, estimates that the mobile worker population could reach 1.3 billion by 2015, meaning, they access workplace data outside the workplace. This is risky because it exposes data to hackers. In fact, the safety of what’s displayed on the computer screen in public is of huge concern. The 3M Visual Data Breach
- 7 Small Business Social Media Risks
Many executives are concerned about social media related risks (e.g., data security and ID theft), but far fewer actually have any social media training. A recent survey of executives puts the concerns into four categories: disclosure of confidential information; damaged brand reputation; ID theft; and legal and compliance violations. Another feature that the survey unveiled was that