Nearly everyone has received an e-mail with an urgent subject line such as “Verify your account information immediately or your account will be suspended!” when the real goal is for some phisher to get your Social Security number, PIN, or bank account information.
And, of course, we’ve read headlines about some multimillion-dollar company getting hacked and vital information being leaked. Obviously, this is no joke. So, how can we protect ourselves and our information?
Eliminate the risk of someone accessing your personal data by putting proper measures into place to minimize exposure and keep hackers out.
One of the best ways to work towards eliminating risk is to create a security policy. Everyone in a company must understand that each person plays an important role in maintaining security. So, once a security policy is in place, it’s vital to communicate the policies to everyone in your organization, especially if there are updates or changes.
The specific policies that you implement, as well as the amount of detail they contain, will change as your company grows.
Some of the areas to consider when creating a security policy:
1. Personnel Security – Address background checks for employees and contractors. Effectively remove access to facilities and information systems when an employee or contractor has been terminated from employment. If there are ID badges, keep pictures current and identify the authorized access levels on the badge.
2. Physical Security – Allow authorized personnel physical access to information systems and limit access by unauthorized personnel. Monitor controlled areas with surveillance video, a sign-in log, and/or someone to escort visitors in and out. Protect data equipment.
3. Password Protection – Address authentication and authorization for information systems, applications, and data.
4. Sensitive Data – Use shredders or locked waste bins to dispose of hard copies. Dispose of old equipment to protect against loss of data.
5. Disaster Recovery – Back up and archive critical information. Identify an emergency contact and make sure appropriate personnel are aware of contact information. Define how information will be communicated to the company.
6. Security Awareness – Educate staff on how to watch for security breaches, protect passwords, and protect classified data.
7. Compliance and Audit – Regularly review guidelines and procedures. Audit processes and procedures to ensure compliance with the defined guidelines. Test disaster plans regularly.
Communicate your security procedure so that it becomes a culture, a way of life for your organization and not just a mandate that employees and contractors might otherwise overlook or bypass. A security policy should drive home the idea that it is not just the company that could be at stake but also its employees.