Here are just a few of the security policies that you can implement to minimize cyber risk:
An access control policy is one of the most important policies for minimizing cyber risk. This policy lays out exactly which employees have access to sensitive data and information systems and under what circumstances. It can also address how computer access and use are monitored. An important part of access control that is often overlooked is revoking access after an employee is terminated, so make sure you include guidelines for this.
An acceptable use policy is a broad outline of how employees may access and interact with the corporate network and internet on company devices. This is usually something an employee would sign during their onboarding process before being granted a user ID and password.
An information security policy is a high-level policy that covers the entire network infrastructure of the company. This policy essentially informs employees that there are rules that they must abide by, under threat of punishment, when accessing sensitive information or utilizing company assets.
These days, employees are likely to bring their own devices into work. With smartphones, laptops, and even watches that can connect to your internal network, it's important to have a policy that lays out the rules for remote access. This policy should lay out how users can connect, as well as what kind of devices and systems they are allowed to connect with. For example, you may want to forbid people with certain devices that have known security flaws from connecting to your network.
A communication policy will lay out the ground rules for how employees are to communicate through various mediums. This policy can apply to things such as company emails, blog posts, social media, and chat applications. Using a work-related email or chat account for non-work-related purposes could pose a security risk, and you want to have some level of control over what gets posted about the company on social media or blog accounts in order to avoid leaking sensitive information. This policy could also go over some of the common email phishing schemes and how to spot them.
The best way to combat cyber risk is with good policy. Creating and implementing the right policies to minimize your business's risk is no trivial task, however. Your best bet is to find a partner with expertise in the field of risk management and employee communication.
At Summerlin-Roberts, we perform a personalized risk assessment to find out where your weaknesses lie and determine the best course of action to minimize your risk. Please contact us today to learn more about our cyber insurance policies or to schedule a comprehensive cyber risk assessment.