According to the IBM Cyber Security Intelligence Index carried out in 2014, well over 95% of IT security breaches are directly caused by human error. This considerable threat to network security is underestimated and overlooked in a number of cases. Human error is natural and hard to get rid of entirely, but it can be minimized all the same. This can be accomplished not only by coming up with proper and clear network security directions but also by offering proper staff training. One sure way of doing this is to put in place a proper IT security policy, which defines what needs to be done, and what doesn’t, when it comes to cyber security. The following tips give an idea of how that policy needs to take shape.
1. Stress the importance of network security
This is fairly straightforward: make sure everyone fully understands how important network security is, along with the consequences if it is mishandled. For example, if any staff or client data is misplaced, serious consequences could befall the parties involved, not to mention potentially putting the company in jeopardy. Likewise, any malware involved could compromise the entire system.
2. Preach effective management of passwords
Passwords have the power to render your company’s IT security helpless. To keep this from happening, put across a clear policy that defines all the passcode requirements, i.e. what constitutes a safe and secure passcode, how it ought to be stored or shared, and how frequently it must be updated. While doing that, make it clear that reusing those passwords on various sites shouldn’t be tolerated.
3. Encourage constant overhaul of patches
As a way to fight off those nasty Trojan Horses and the like, encourage constant updates of anti-malware software, along with browsers. On the same note, it is good to prioritize regular scans for the presence of said malware programs.
4. Be wary of phishing
We live in a world where scams like phishing are practiced quite frequently, and as far as network security is concerned, you should be wary of them. Staff and employees should be extra careful when handling things like emails, especially if they are from an untrustworthy party outside the company. In such doubtful scenarios, one should be advised to return to the main site of the company. Scams other than phishing can also be carried out using mobile phone handsets, so suspicious calls need to be monitored closely.
5. Protect computers and related devices
Computers are not in use at all times, so their screens should be locked and protected when unattended. Logging out is another option for preventing unauthorized access. When not in use, physically locking them away is also a necessity.
6. Safeguard high profile information
More often than not, high profile information, e.g. credit data and social security numbers, is the most targeted. Therefore, when sending such delicate information, a trusted transfer system and protocol should be put into effect. Ideally, data that has been sent, or data that has been prepared to be sent, must be encrypted, and only authorized personnel should be able to access it.
7. Have portable media secured
In this case, portable media includes portable mobile handsets, as well as laptops. In that respect, passcodes and passwords need to be implemented to set a limit on who has access to them. Likewise, flash drives and compact disks need to be constantly scanned and checked for the presence of malware if they are to be connected to the company network at all.
8. Divulge when devices get lost or stolen
It isn’t uncommon to have crucial media devices stolen or lost, so in case it does happen, employees need to realize that there is now an attack front for unauthorized and malicious people. In such an instance, you can have all those devices wiped clean of any important information before they get into the wrong hands. Ultimately, reporting it is the right move.
9. An active role needs to be a habit
This means that your employees and staff need to be aware and on the lookout in case any suspicious activity occurs. In the event of that happening, immediate action needs to be taken in order to salvage the situation, eventually contributing to improved IT security.
10. Include privacy settings where need be
This includes all social media fronts that your employees might be involved with. They should ascertain that only people in their contact list can see the limited data they have put up. Doing so prevents not only scams but also cases of identity theft.
Clearly, an IT security policy requires quite a lot of work and attention, and therefore, ample training is a must. An IT security policy is a must-have in any employment agreement.
Sourced from: opswat