As breaches become the new norm, having a cybersecurity policy becomes not just a matter of saving face, but of saving money, data, and valuable employee resources. Each year, thousands of breaches take place, resulting in the theft of over 1 billion records of personally identifiable information.
Ideally, your business’ cybersecurity policy should be documented, reviewed, and maintained on a regular basis. Even creating a short guide that covers the most important areas goes a long way in keeping your business protected. Visit the SANS Institute for free policy templates.
First and foremost, make sure you’re operating within the law. For example, if you’re a financial institution, you will need to comply with SEC guidelines, as the SEC will continue to focus on cybersecurity and mandate proof that safeguards are in place and are designed to adequately secure personal and sensitive information against cyber threats and vulnerabilities.
Your cybersecurity policy should include information on controls such as:
• Which security programs will be implemented
• How updates and patches will be applied in order to limit attacks and vulnerabilities
• How data will be backed up
• Clearly identified roles and responsibilities
No matter how strong your cyber defenses are, employees can introduce threats to your company’s networks by falling for phishing scams, posting secure information on social media, or giving away credentials. Your policy should clearly communicate best practices for users in order to limit the potential for attacks and threats. The employee policy should also cover what happens when users fail to comply with guidelines. Acceptable use guidelines can include:
• How to detect social engineering tactics and other scams
• What is acceptable Internet usage
• How remote workers should access the network
• How social media use will be regulated
• What password management systems might be utilized
• How to report security incidents
Information taken from: https://blog.malwarebytes.com/101/2016/03/how-to-create-a-successful-cybersecurity-policy/