Data breaches have become a new reality and an important consideration for all businesses. A business needs to make cyber security a priority or risk loss of important intellectual property and/or private consumer data. Businesses need to develop and implement a company policy and plan to protect their computer systems. These methods need to include technical safeguards, trustworthy employees, and safety measures to prevent vulnerabilities.
Most data breaches are not caused by sophisticated backdoor attacks by unknown entities. In fact, the most common causes of data breaches are human error and breaches by employees. A company must make employee training a primary aspect of its policy when dealing with cyber security. A company policy should also include the following best practices:
Background Checks. A business should always conduct background checks on potential hires. It is important to hire trustworthy individuals, especially information technology (IT) professionals who have access to the company’s computer systems. It is important to ensure that the IT staff has been vetted properly.
Confidentiality Agreements. All employees and new hires should sign a confidentiality agreement covering sensitive company information, including confidential data.
Data Security Agreements. All employees must have access to the company’s data security standards policy and sign an agreement to abide by it.
Limit Employee Access. Limit employee access to important information, such as Social Security numbers. Only give access to employees on a limited, need-to-know basis.
Provide Training. Provide frequent training and reminders on the company’s best practices regarding data security so that employees are aware of how attacks happen and how to prevent them.
Passwords. Insecure passwords are the easiest way to hack into protected networks. Train employees on creating passwords that are harder to crack. Make it a policy to create complex passwords and change them frequently.
Prevent Human Errors. Create awareness among employees of how human error can cause data breaches. Train them not to send important emails over unencrypted hardware devices, not to share account information with others, not to leave important paperwork unsecured, and not to send important information to the wrong recipient.
Reward Reporting of Suspicious Behavior. Reward employees who report suspicious activity or behavior.
Discipline Violators. Discipline employees who violate company data security policies.
Train Employees on Phishing Attacks. Train employees on how to spot phishing attacks and require that they independently verify all requests for sensitive information.
Secure Building Access. Prevent non-employees from entering office buildings by requiring security codes, and ask employees not to give access to non-employees without permission.
Report Lost Equipment. Require all employees to report lost company equipment, including laptops and cellular phones.
Personal Devices. Limit the use of personal devices for business purposes and vice versa.
Software. Do not allow employees to download unauthorized software onto company computer systems, laptops, cell phones, and other devices.
Termination of Employment. When an employee is terminated or resigns, it is important to terminate their access to company information, papers and other sensitive information immediately.
An educated work force that is vigilant and alert is the best way to tackle threats to a company’s computer systems. Building employee awareness is a big step toward securing company data.
If you have concerns about creating a company cyber security policy for your business, contact the attorneys at MacMain, Connell & Leinhauser. We provide human resource support and review employer policies to limit exposure to litigation. For further information on how our firm can assist you, contact us online or call us at 484-318-7106. Located in West Chester, Pennsylvania, we serve clients throughout Chester County and Philadelphia.