SADS IT Guide:
Employee Cyber Security Policy
Guide: Cyber Security Policy for Employees
When it comes to cyber security threats, human error is a factor that is often overlooked. Although human error can never be eliminated entirely, incidents can be reduced by introducing clear security guidelines and employee training.
The cyber security policy should be included as part of the employment agreement. If you already have a policy in place, be sure to keep it current, along with staff training, as new threats continue to emerge on a regular basis. If you haven’t yet introduced a security policy, here is a list to help you get started:
Emphasize the Importance of Cyber Security
Ensure your staff are fully aware of the potential security risks and the severity of such attacks. For example, stolen customer or employee data could badly affect the individuals involved, as well as severely jeopardize customer relations.
Likewise, if company systems are infected with malware, this could severely hamper the efficiency of the company, leading to financial loss.
Effective Password Management
Passwords can make or break a company’s cyber security system. Set clear guidelines in your policy for password requirements (to include lower case and upper case letters and numbers), how to store passwords (not on desks), how to share passwords (not via email), and how often to update passwords.
Also, inform your staff that using the same password across different sites increases your risk.
Detect Phishing Emails
Describe the different kinds of phishing emails and how to spot them. Even with anti-spam software in place, there is a chance that one could get through.
When an employee receives an email that looks out of the ordinary, even if it appears as an internal email, they must check with the sender that the attachments are safe before opening. If in doubt, ask your employees to speak with their manager or IT helpdesk to check authenticity before opening any attachments.
Apply Regular Updates
Assign a responsible employee or use your IT support provider to ensure your security software, web browsers and other programs are regularly updated.
Protect Confidential Data
Confidential data such as credit card data, names and email addresses is often targeted. Any confidential data that is sent to an outside email recipient must be sent using a secure file transfer system that encrypts the information and only allows the authorized recipient to access it.
Lock Computers and Devices
Set good habits and teach your employees to lock their screens or log out when leaving their desks to prevent any unauthorized access. Other devices such as laptops, iPads and iPhones should be physically locked when not in use.
Portable media such as USB drives and DVDs should be scanned for malware when connecting to the network. Other portable devices such as mobile phones and laptops should be password protected and have automatic screen lock activated to limit access.
Report Lost or Stolen Devices
Stolen devices can be an ideal entry point for a hacker to gain access to confidential data. Ensure that your employees immediately report lost or stolen devices to your IT department or support team so the devices can be wiped and data secured.
Encourage employees to take an active role in cyber security. If they see suspicious activity, they must report it to their IT administrator. If employees become aware of an error, even after the event, reporting it enables action to be taken to minimize the damage.
Cyber security concerns everyone in the company. All employees’ personal data is stored along with customers’, so it’s in everyone’s interest to take an active role in the company’s security policy.
Social Media Accounts
If you allow your staff to access social media using the company network, it is highly recommended that they apply maximum privacy settings on their accounts such as Facebook, Twitter and Google+.
By limiting the amount of personal information that is available online, the vulnerability to spear phishing attacks as well as identity theft can be reduced.