IT Security Archives

Key Elements of a Data Security Policy

Having a well-documented data security policy in place can help protect your employees, sensitive information and customers from security breaches. To develop a holistic policy, it is important to analyze all the areas that could be of potential threat.

Use this checklist to ensure your data security policy includes all the key elements required to maintain data privacy and security.

Download as PDF

Safeguard Data Privacy

Apart from complying with the existing rules and regulations, a data privacy policy will guide your employees on how to handle sensitive information in such a way that it is not compromised.

Password Management

Setting up a password policy will ensure your company resources are protected and only accessible by authorized personnel. The guidelines should include password length, complexity and how often it needs to be changed.

Internet Usage

An internet usage policy that defines best practices while accessing the internet, such as restricting employees from visiting certain sites or prohibiting unnecessary file downloads, will help set limitations and minimize security risks.

Email Usage

Companies often fall victim to data breaches due to employee negligence or email misuse. With an email policy in place, your employees will be aware of what is expected of them and how company information should be disseminated internally and externally. Data security risks can arise at any time and from anywhere.

Company Devices

As the use of mobile devices for work gains momentum, it also opens the door to several security threats. Implementing a comprehensive policy will help mitigate the risks associated with data theft and stolen devices, and ensure the devices are used responsibly within the set guidelines.

Personal Employee Devices

Unlike company-owned devices, it’s difficult to have complete control over personal devices. A security policy, such as accessing company resources only through a secure VPN, or installing an antivirus or mobile device management software, will set certain boundaries or limitations.

Social Media Presence

Protecting your company’s reputation is critical not only within the workplace but outside as well. A social media policy will help regulate your employees’ online activities.

Software User Agreements

Violating a software license agreement can lead to legal implications. A software user agreement policy will ensure your employees comply with the procedures regarding the appropriate use of company-owned software.

Reporting Security Breaches

Implementing a Security Incident Reporting policy is important to minimize negative impacts. Your employees should be educated on how to report real or suspected security breaches and what steps they need to take to prevent them from happening.

Data security risks can arise at any time and from anywhere.

To know how to set up effective policies and procedures to fortify your data security, contact us today.

December 10, 2020

The evolution of Ransomware

Cybersecurity

Ransomware has been dominating the news for several weeks, and is likely to stay in the news for most of the year. Ransomware is a distinct type of cyber attack, in that it extorts payment from the victim in exchange for allowing access to something that was encrypted in the attack. The most prevalent type of malware used in this kind of crime is ‘crypto-ransomware’, which normally encrypts the files on the compromised system, and then demands a ransom in return for the ability to decrypt and recover the files. The latest iteration of crypto-ransomware is called Locky, and is the most advanced version of ransomware we have seen in the wild.

Ransomware isn’t new; the first piece of ransomware was distributed via 5 1/4 floppy drives through snail mail back in 1989 (pdf). It wasn’t very successful, but criminals obviously recognized the potential of generating revenue through extortion. Read more

May 24, 2016

The Importance of Network Security