04.28.2017 · 6 min read

Do Your Company Policies Protect You in Cyberspace?

Every company, regardless of size, should develop and maintain strong policies for critical data and sensitive client information. Companies need to not only protect their assets and reputation but also discourage inappropriate or malicious behavior.

Establishing policies and procedures is one of the most effective and inexpensive ways of averting cybersecurity crimes. However, many companies fail to put policies into place or adhere to them. In its 2016 report, “Security Beyond the Traditional Perimeter,” the Ponemon Institute revealed that 79 percent of all companies that responded to its survey had cybersecurity policies and procedures that were non-existent, partially deployed, or inconsistently deployed.

While these documents in and of themselves do not prevent cybercrime, they are an important step in the right direction. They assist in raising awareness and identify what needs to be done when cybercrime occurs.

Policy and procedure action items

Identifying the right information to put into a policy or procedure can be daunting, especially when it is something that is unfamiliar and not directly related to your core business.

Here are fundamental elements that should be included in any good policy and procedure document:

1. Establish clear roles and responsibilities

A key to the prevention of serious cybersecurity incidents is to establish a policy that clearly defines the individual roles and responsibilities with respect to systems and the information they contain. This includes the following:

  • The necessary roles and the rights and limitations according to each role
  • The employees or type of employee who should be allowed to assume each role
  • If an employee holds multiple roles, the circumstances that define when to adopt one role over the other

There may also be a need to create a separate policy to govern responsibility for certain types of data, such as Personally Identifiable Information (PII) and credit card information.

2. Establish an employee internet usage policy

This policy should outline limits on employee internet usage in the workplace. This can vary widely from business to business; however, the guidelines should include the degree of freedom employees have to surf the web or perform personal tasks. These rules are necessary to ensure that employees are aware of the boundaries to keep both them and your business safe and successful.

Some things to consider when developing this policy:

  • Limiting surfing to a reasonable amount of time and to certain types of activities
  • If web monitoring is in use, employees should have a clear understanding of how and why their activities are being monitored. This helps to gain acceptance and raises awareness of what sites are considered out of bounds by the policy.
  • Rules and guidelines need to be clear, succinct, and easy to follow. Employees should feel at ease when performing both job-related and personal tasks without having to ask or make a judgment call regarding what’s appropriate.

3. Establish a social media policy

Social media sites and applications present risks that can be difficult to address, especially when your company uses them to promote the business and communicate with customers.

Your social media policy, at a minimum, should include the following:

  • Specific guidelines on disclosure of company information that could create risk for the company
  • Guidance for acceptable customer communication. This includes replies to inquiries, responding to posts, or participating in discussion topics.
  • Guidance on using a company email address to register or get notifications from social media sites
  • Guidance on using strong passwords, since few sites enforce strong authentication policies for users. This should include guidelines on the reuse of passwords between sites.
  • Guidance on mobile device use

All users of social media need to be aware of the risks associated with its use and the nature of data that can be disclosed online when using social media. Taking the time to educate your employees on the possible dangers of social media use is one of the most effective tools in keeping your business safe.

4. Establish clearly defined procedures for handling events

In the event that a cybercrime or policy violation occurs, clear and concise procedures for handling each type of occurrence are critical to mitigate potential threats or damage to your business and subsequently recover from it.

This procedure should include the following information:

  • Establish a recovery team. This team has the authority and resources to directly address a cybersecurity incident.
  • Specific recovery activities including system recovery, application restoration details, or methods to activate alternate means of keeping your business going
  • Specific disciplinary actions that may be taken when employee violations occur
  • Specific details on when legal action is to be taken

In conclusion

A clear and easy-to-understand policy and procedure document can be a great tool in protecting your business, employees, and customers. It should also be a living document, regularly reviewed and updated to address the growth of your company, evolving threats, and infrastructure. Finally, it should be regularly shared with your employees, to gain buy-in and understanding of their specific role in keeping your business successful.

Ron Smith is an Infusionsoft Sr. Quality/Security Engineer. Having served in the USAF as a security specialist, he became passionate about security. During his 20-year career, he has worked for very large companies such as Microsoft, Intel, and Pearson, but his love for small business carried him to Infusionsoft. He is also the father of five boys and an avid Harley-Davidson rider and home brewer.
