We may not want to admit it, but one of the largest threats to a company’s cybersecurity can be human error. Some of the most common risks can come from unintentional action, or lack of action, by employees that allow a security breach to take place. Important aspects of human error to consider include awareness around phishing attacks, device management and social engineering principles.
In order to protect your company from incidents caused by common mistakes, you should create an acceptable use policy that outlines the responsibilities people have when working in and with your organisation. This includes accessing company equipment and information, as well as how people should behave to ensure the company is kept secure. For situations where small mistakes can cause significant damage, some strict rules may be used. Guidelines can be used for lower risk situations to ensure staff are not being overwhelmed with rules and regulations that distract from their roles. These rules and guidelines can include the accessing of company information in any form (on company and personal equipment), visitor procedures and warnings around threats to be aware of (i.e. phishing emails)
Not only does this policy ensure your staff are aware of what is expected of them at all times, but it also acts as a demonstration of your company’s attitude towards cybersecurity. A well-implemented acceptable use policy will show your company takes security seriously and will allow other companies to see this in the event of partnerships etc. This also allows users or customers to feel safe allowing your company to store their sensitive information.
It is important for this policy to be acknowledged by all members of your company, as well as future and temporary members (contractors etc.). Adding this to your onboarding process is recommended, as well as keeping a record of staff that have acknowledged the policy so that you can follow up on those who may not be aware of it. The policy must also be readily available to all staff so that they can refer to it at any time to ensure they are doing their part to keep the company secure.
Creating an acceptable use policy is a foundational security task. Onwardly is a cybersecurity platform that enables you to self-assess, build policy and manage all of your security tasks in one place.
Photo by Headway