SADS IT Guide:
Employee Cyber Security Policy

When it comes to cyber security threats human error can be a factor that is often overlooked. Although human error can never be eliminated entirely, incidents can be reduced by introducing clear security guidelines and employee training.

The cyber security policy should be included as part of the employment agreement. If you already have a policy in place be sure to keep it current along with staff training as new threats continue to emerge on a regular basis. If you haven’t yet introduced a Security policy, here is a list to help you get started;

Emphasize the Importance of Cyber Security

Ensure your staff are fully aware of the potential security risks and severity of such attacks, for example stolen customer or employee data could badly affect the individuals involved, as well as severely jeopardize customer relations.

Likewise, if company systems are infected with malware, this could severely hamper the efficiency of the company, leading to financial loss.

Effective Password Management

Passwords can make or break a company’s cyber security system. Set clear guidelines in your policy for password requirements (to include lower case and upper case letters and numbers), how to store passwords (not on desks), how to share passwords (not via email), and how often to update passwords.

Also, inform your staff that using the same password across different sites increases your risk.

Detect Phishing Emails

Describe the different kinds of phishing emails and how to spot them, even with anti-spam software in place there is the chance that one could get through.

When an employee receives an email that looks out of the ordinary, even if it appears as an internal email, they must check with the sender that the attachments are safe before opening. If in doubt, ask your employees to speak with their manager or IT helpdesk to check authenticity before opening any attachments.

Apply Regular Updates

Assign a responsible employee or use your IT support provider to ensure your security software, web browsers and other programs are regularly updated.

Protect Confidential Data

Confidential data such as credit card data, names and email addresses is often targeted. Any confidential data that is sent to an outside email recipient must sent using a secure file transfer system that encrypts the information and only allows the authorized recipient to access it.

Lock Computers and Devices

Set good habits and teach your employees to lock their screens or log out when leaving their desks to prevent any unauthorized access. Other devices such as laptops, iPad and iPhone should be physically locked when not in use.