Ensuring Compliance In Cybersecurity Policy Within Your Company

It's no fun being the tough, no-nonsense boss, but noncompliance in cybersecurity policy is kind of a big deal. There are hackers who don't know a line of code, who can't tell a Mac from a PC, but they know how to get your data through social engineering. An employee who loans their work laptop to a friend can do a lot more damage than an army of code-crackers. Your media liability insurance will help you patch things up if something like this happens, but your best bet is to ensure compliance in order to prevent this from happening in the first place.

Here's the challenge: Stricter regulations probably won't do you much good. If someone is careless with company data, they already know they could get in trouble for it. Losing their job and being fined $500 is, in the grand scheme of things, not much bigger a problem than just losing their job. Hackers use social engineering to get at your data, so you want to fight fire with fire in order to protect it:

  • Use PCs, not laptops, for sensitive work. It sounds silly, but a lot more leaks are the result of lost phones and laptops than hackers. Very few employees are going to try to take their PC home with them or leave it unattended on a table at a coffee shop.

  • The cloud is safer than people think. Anybody can copy a USB drive. Cloud-stored data cannot be accessed without the proper login, or a daring Mission: Impossible-style heist, rappelling into a server farm to steal the relevant data.

  • Allowing login through biometrics, like thumbprint scans, can streamline the login process for your team while making it very difficult for anyone not authorized to gain access.

  • Be very careful with your work-from-home policies. It may be best to completely disallow this at the higher levels of security clearance. There isn't really any reason for an employee to take a customer's financial information home with them anyway, and it goes without saying that there's certain material that should never be handled by freelancers and outsourcers.

  • Streamline your policy. The simpler your compliance policy, the easier it will be to understand. Bring people on step by step; don't give them too much to memorize right away. As you move somebody up in clearance levels, you can tell them what they need to know.

  • Change passwords regularly and monitor for break-ins. It's like when too many people are borrowing your Netflix account: You don't have to go and ask them individually to stop; you can just change the password.

  • Consider banning removable storage and outside devices at the higher levels. Again, your data is at a greater risk in a pocket-sized device than it is on the cloud.