Does your company have a Cyber Security Policy?
A Company Cyber Security Policy sets out to preserve the security of your data and technology infrastructure. All businesses should have a security policy in place that is regularly assessed, updated as necessary and shared across the entire business, ensuring that all staff comply with that policy.
What password protocols are in place?
Passwords are the most common way for your organisation and the people in it to prove identity when banking, making purchases and other transactional online activities, accessing services, using email and accessing computers themselves (via User Accounts). It is amazing however how many businesses don’t understand the importance of secure password generation and management. The use of strong passwords and their secrecy is therefore vital in order to protect the organisation's and individuals’ security and identity. The best security in the world is useless if a malicious or other unauthorised person has a legitimate user name and password!
Password management automation is a good solution for this, so ask your IT manager about the possibility of implementing one, if it’s not in place already.
Check too, how many points of verification are required to access the networks. Even free services, such as Gmail, require two points: an email address and password.
Are mobile devices included in the Cyber Security Policy?
The benefits to the Bring Your Own Devices (BYOD) movement are numerous and has improved productivity and convenience for us all.
But as the number of devices increases, so does the risk of breach. Under GDPR, data controllers must find out:
- What type of data is held on all BYODs
- Whether that data is encrypted
- Where such data may be stored
- How such data is transferred
- What the risk is for the data leakage as a result of BYOD
- How the company plans to ensure that personal and business use of BYOD is maintained separately
- How the company plans to separate personal and business internet access
- The security capabilities and vulnerabilities for every BYOD used by employees
- The policy for when an employee who owns a BYOD leaves the business, having had access to personal and confidential information about the company’s customers/suppliers
- How to deal with the loss, theft, misuse or failure of an employee’s BYOD
- What support is offered by the company to help maintain BYOD security compliance
Are adequate security training procedures in place?
If your staff use their devices to access corporate, home or other networks remotely, it’s important that they follow corporate security procedures. IBM said that 95% of all cyber attacks it experiences are due to human error. Are you doing enough to make sure that the people in your business are knowledgeable about threats and how to deal with them?
Common golden rules include: Always treat unusual emails cautiously, regardless of how entertaining, alarming or urgent they appear! Hackers gain access to networks every day by appealing to our natural curiosity. Emails that people don’t recognise are clicked purely because we wonder whether something interesting lies behind them. Viruses enter networks on USB sticks or other mobile storage devices because they weren’t checked first.