Does your company have a Cyber Security Policy? If you have not already established a policy that protects both your company and its employees from possible threats, then now is the time to put it in place before you are taken unawares by a cyber attack or by unauthorized access or publication of proprietary and confidential information.
According to the Department of Homeland Security and Federal Communications Agency (FCC), organizations should establish a four-fold Cyber Security Action Plan. It should consist of:
- Establishing Cyber Security Roles -- personnel should only have access to information and data that they are directly working with or that pertains to their job description. Allowing unlimited access to lots of employees is the fastest way for private company data to be shared with other unauthorized parties.
- Establishing an Employee Acceptable Use Policy -- organizations should define precisely what is considered to be proper use and improper use of the company's technology resources. This can provide future legal grounds for termination when employees misuse resources. It can establish boundaries that allow employees to be productive while at the same time these rules of behavior inform employees how to operate within acceptable boundaries. (Short breaks to surf the web have been found to boost productivity.)
- Establishing a Social Media Use Policy -- Social media platforms present a number of cyber security risks for a company. A well constructed social media policy should include information regarding whether it is acceptable to disclose company activities on social media, discussions of the potential problems that employee's social posts could cause, whether it is allowed to use company email addresses to register or receive notices from social media, and guidance on selecting strong passwords and keeping social accounts secure from potential misappropriation.
- Identifying Possible Company Reputation Risks -- Companies must consider how internet posts and social media can impact the organizations public reputation negatively. Some potential threats include:
- The company website being "spoofed" or impersonated by other individuals online who seek to defraud, divert customers, or dissuade people from using the company.
- Confidential or privileged information being exposed to unauthorized people on the internet
- Company actions, decisions, or employee actions being exposed on the web or on social media
In conclusion, it is imperative that companies protect themselves, their employees, and their organization's reputation by establishing a comprehensive Cyber Security Policy and Plan. By being proactive, companies can head off potential threats and violations.