The Internal Cyberthreat

by Lorelie Masters

Cyberthreats from employee actions, whether accidental or intentional, can cripple a business just as surely as a fire or natural disaster. Because nearly every organization faces some form of internal cyberthreat, it's important to create and disseminate written policies and procedures that minimize the risk.

Here's a run-down of the topics you should include:

WEB SITE POLICY

Your Web site policy should include procedures for regularly reviewing the site's accuracy and content, and it should name who is responsible for making sure there's no inappropriate content. Specify appropriate and inappropriate uses of the site, the materials to be posted, and the process for adding material. Limit the number of employees who are allowed to post to the site, and give each of them only the access that posting requires.

SECURITY POLICY

Encryption and computer security policies should specify how e-mail and other electronic documents are to be distributed, when such documents must be encrypted, and which encryption methods are acceptable. To detect and defend against intrusion and unauthorized use, the people responsible for computer security should decide how the networks will be patched, upgraded and monitored, and should write that decision down so it can be followed and audited.

PRIVACY POLICY

Adopt a privacy policy that spells out appropriate and inappropriate uses of the personal information your firm holds on both employees and customers. Include the penalties for violating the policy.

ORGANIZATION ASSETS POLICY

Your policy on protection of company assets should make it clear that the firm owns the rights to its intellectual property, trade secrets, and other privileged and confidential information. The policy should state your position on works for hire that employees create while on the job. Although works for hire generally belong to the organization that paid for their development, a written policy strengthens your position if there is ever legal action over the ownership of such works.

Don't overlook your encryption systems and keys when cataloging your assets. Record which keys exist, what they protect, and who holds them. The value of these systems and keys is growing because of the rise in e-commerce and the transmission of sensitive information over the Internet.

CONFIDENTIALITY POLICY

Your confidentiality policy should state that confidential and privileged information will be distributed on a need-to-know basis in strict compliance with established procedure. The policy should also make clear that the company owns all assets and documents containing proprietary and other confidential information.

E-MAIL POLICY

Your e-mail policy needs to specify appropriate and inappropriate uses of the firm's e-mail system, including:

  • What may and may not be downloaded and transmitted
  • When material sent over the Internet must be encrypted
  • The company's right to monitor employee e-mail to protect trade secrets and proprietary information

DOCUMENT RETENTION POLICY

Your document security and retention policy should cover the regular and systematic retention and destruction of both electronic and hardcopy documents. Specify that if your firm learns that a particular subject matter is or might become the subject of legal action, all relevant documents will be preserved and removed from the normal destruction schedule until the matter is resolved.

Computer networks and e-mail leave digital "tracks" that reveal a user's travels on the network and through cyberspace. The system might also create hidden backups of e-mail and other documents as part of its regular activity for preserving network data. Your retention policy should account for these copies too: deleting a message from a mailbox does not remove it from server logs, mail-server stores or backups, and a policy that covers only the copies users can see is incomplete.

ELECTRONIC SIGNATURE POLICY

There's no clear-cut definition of a valid and binding contract created over the Internet. However, as a result of encryption technology and laws regarding electronic signatures, standards are evolving for determining whether Internet communications constitute a valid contract.

Name the individuals or positions that have the authority to bind your organization on a contractual or other basis, and make clear to all employees that statements made via e-mail can bind the organization. Having such a policy could help your firm avoid liability for alleged contracts that an employee might make when acting outside the scope of their authority.

CONCLUSION

To be effective, your firm's Internet and e-mail policies must be communicated clearly to employees and to anyone else, such as outside contractors, who is expected to follow them. Set up a training program. Keep track of who has received the training, and require employees to acknowledge in writing that they've been trained and that they understand and agree to comply with the policies. Review and update the policies regularly and redistribute them to your employees each time they change.

Reprinted with permission of Griffin Communications Inc.
