Every organization should set security policy, review it regularly for gaps, publish it, and make sure employees follow it. It should include such things as users not opening attachments or clicking on links from an unknown source, not using USB drives on office computers, password management policy (not reusing work passwords on other sites or machines, no Post-it notes on screens as password reminders), completing specific types of security training including training on security policy, and the many other details of employee and overall security diligence. Policy on WiFi access, for example, should be reviewed. Include contractors and partners as part of this if they need wireless access when on site.
Policy should also exist on wire transfers and the handling of confidential information. It should never be possible for a cybercriminal to hijack a corporate email account and convince someone to transfer a large sum immediately. Policy should limit such transactions to relatively small amounts. Anything beyond that threshold must require further authorizations. Similarly, with confidential information such as IP or employee records, policy should determine a chain of approvals before such information is released.
Next week find out about ~ Procedures….Think Before You Click!
Tina Louise ~ www.cloudplusservices.com ~ 888.871.6584