By now you should have trained your employees on what an attack might look like. Now what? Training an employee is half the battle. Not only do they need to know what NOT to do, they need to know what TO DO when a challenge presents itself. Next, employees need to be aware of internal changes that could directly impact them or their environment, and what to do in case your company does fall victim to an attack. One might call this a Security Plan…
What is a Security Plan?
A security plan is a formalized plan that specifies how you’re protecting your data and business. It also lays out a plan of action for your company and employees in case a security breach does occur. While this might seem like a simple or generic idea, having the ability to customize the complexity of this plan in order to satisfy your company’s needs is an integral part of having a transparent security dialogue. If a breach ever occurs with your team, do your employees know what steps to take? A security plan specifies each of these steps in detail.
How can it help your company?
Many companies have some type of compliance they are required to adhere to. Whether it’s CJIS (Criminal Justice Information Services) or PCI (Payment Card Industry), security plans need to be in place to ensure industry standards are being followed. If compliance is something new to your company, you might not be aware of how to ensure these requirements are being satisfied. Compliance (learn more in The Ping: What Is Compliance?) can add many factors to a security plan that you might not have been aware of previously.
Security Plan Details
So now you’re thinking, “a Security Plan is a good idea, but where would I even begin?” Security plans can include several different aspects that are tailored to your individual company’s specific requirements. Here are some of the most common:
- Make sure your Password Complexity rules are strict. Some simple updates can greatly improve your security:
  - Use a minimum of 7 characters for your passwords.
  - Use both upper- and lower-case letters (e.g., A, a, B, b, etc.).
  - Use numbers and non-alphanumeric characters (e.g., 1, 2, 3, !, @, etc.).
  - For more information, check out The Ping: Security in Public Places
- Keep your antivirus up-to-date! Most updates to antivirus software include safeguards against the most recent methods of attack.
- Exercise caution when using public Wi-Fi. Data sent over public Wi-Fi can be easily intercepted.
  - For more information, check out The Ping: How To Avoid Getting Hacked
- Social Media is here to stay, but what does your company allow their employees to post? Should your employees be allowed to access social media while at work? A BYOD (bring your own device) or Acceptable Use Policy would help address exactly what your users can and cannot do while using your systems and/or equipment.
- Removable devices such as USB drives or external hard drives can carry viruses that run the moment the device is attached to a desktop or server and then spread across the network. Make sure to limit their usage to trusted sources.
- Physical Security! How accessible is your network to non-employees? Vendors? Janitorial services?
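As an added example (not from the original post), here is a small Python check of the three password rules listed above that an onboarding or help-desk script could run before accepting a new password. The function names and the sample passwords are constructed for this illustration.

```python
# Added example: checks a candidate password against the three rules in the
# post (minimum 7 characters, upper- and lower-case letters, at least one
# non-alphanumeric character). Rule text and samples are constructed here.

MIN_LENGTH = 7  # the post's stated minimum


def password_violations(password: str) -> list[str]:
    """Return the list of rules the password fails; an empty list means it passes."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        violations.append("no upper-case letter")
    if not any(c.islower() for c in password):
        violations.append("no lower-case letter")
    # Digits in the post's example list are alphanumeric, so only symbols
    # (and spaces, for passphrases) satisfy this rule here.
    if not any(not c.isalnum() for c in password):
        violations.append("no non-alphanumeric character")
    return violations


def meets_policy(password: str) -> bool:
    """True when the password satisfies every rule above."""
    return not password_violations(password)


def audit(candidates: list[str]) -> dict[str, list[str]]:
    """Map each failing candidate to its violations; passing ones are omitted."""
    return {pw: v for pw in candidates if (v := password_violations(pw))}


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    samples = ["Passw0rd!", "short", "PASSWORD123", "correct horse Battery"]
    for pw, problems in audit(samples).items():
        print(f"{pw!r}: {', '.join(problems)}")
```

Running the block prints only the failing samples with the rules they miss, which is what a help-desk script would show a user.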
Designated Security Officer
A new approach to trying to resolve these issues is to designate a “security officer” within the company. This individual would help to ensure employees are being compliant. If these newfound tasks are this designated individual’s secondary responsibility, the likelihood that they will be able to effectively monitor staff progress significantly declines. Teaching the importance of cybersecurity to your employees can help convey the importance of staying diligent about cybersecurity. Personal and direct language like “we’re counting on you” and “it’s up to all of us” from influencers and company leadership can help reiterate to employees that cybersecurity is indeed essential to the company and deserves their attention. When employees start to take ownership of what the consequences could be, they will make more of an effort to be cautious in the future. The “Human Firewall,” as we discussed in The Ping: The Human Firewall, is another best practice to instill in your Security Plan.
If you are not able to dedicate a designated security officer, who is responsible for ensuring these best practices are implemented? This is where your friendly, neighborhood MSP (Managed Service Provider) comes into play. We have years of experience with proactively creating, implementing and monitoring security guidelines so that you can focus on running day-to-day operations. However, occasionally a security officer may be necessary to help meet your compliance requirements. In these cases, an MSP can work directly with those individuals to help educate them on planning for your company’s compliance needs.
If you’re still questioning what a Security Plan is and how it can affect you and your team, let us know! We are happy to walk you through planning the next steps of creating a customized Security Plan. Or, if you would like to look over an example to see how a Security Plan can benefit your company, we’re happy to send one over!
Your UniVista Team
*Celebrating 20 Years of Customer Satisfaction*