is the responsibility of everyone within the company. Every scrap of information an attacker can gather about the security arrangements creates further opportunities. For example, if an employee writes down their password and leaves it at their desk, or throws it away in a non-confidential waste bin, the attacker can then try to work out which username it belongs to. Usernames are often generated from a predictable pattern (e.g. first initial followed by surname), so an attacker who already knows a few usernames can infer the format and pair the found password with the right account. One way of limiting this is two-factor authentication: the attacker cannot sign in without the physical device used to authenticate the user (although the exposed password should still be changed). The basic things that should be explained to an employee about a typical security policy are:

How to properly manage your username and password, as well as any other sensitive information.

The most insecure part of a company's network may well be its people, who might record their authentication credentials on paper, follow bad practices, and so on. Training should be put in place to emphasise how important these credentials are and the devastating impact it could have if these credentials got into the wrong

How to act when a potential security incident
or intrusion attempt takes place.

The company should have prepared contingency plans for such events, to be executed in the event of an IT disaster. All employees should be briefed on this plan, including whom to report a suspected incident to, so that they know what to do if such an event occurs.

How to use workstations and Internet
connectivity securely.

There may also be an acceptable use policy on top of this, preventing employees from browsing websites that are either distracting or pose a threat, and from running applications that have not been approved. Together, these measures make the security policies effective in practice.

What will happen if an employee does not abide
by these policies.

To deter employees from breaking these policies, there need to be sanctions in place. These must be explained to employees so that they understand the consequences and the severity of what they are doing when a policy is broken. Sanctions could range from suspension all the way up to arrest and prosecution.

Always applying the latest updates
and patches.

Employees should be made aware from the outset that, where updates are not pushed out centrally, they must always download and install the latest updates for their anti-malware software and for any other programs that protect their workstation, and that they should run a full scan of their workstation at least once a week.

The security policy should be explained to an employee before they are let anywhere near a system. An employee who does not know the rules and procedures and proceeds to access the system could cause the network to be compromised and important data to be corrupted, purely through being uninformed.

A review of the security policies could be completed before an employee even signs a contract, as it allows a potential employee to see what they are getting into and shows how seriously the company takes its security. A signature from the employee once they have read and understood the policy creates an agreement between the employee and the organisation that the policies will be followed.