Security is the responsibility of everyone within the company. Any opportunity for a hacker to gain further knowledge of the company’s security can lead to further opportunities developing. For example, if an employee writes down their password and leaves it at their desk, or throws it away in a non-confidential waste bin, the hacker could then snoop around and try to figure out their username. Usernames may be generic too (e.g. first letter of first name, followed by surname), so if the hacker is aware of a few usernames, they may be able to work out that username and password combination. One way of preventing this may be to use two-factor authentication (2FA), as the hacker won’t be able to sign in unless they have the physical device used to authenticate the user.

Four basic things that should be explained to an employee about a typical security policy are:

- How to properly manage your username and password, as well as any other important information.
  - The most insecure part of a company’s network might be its people, as they might record their authentication credentials on paper, follow bad practices, etc. Training should be put in place to emphasise how important these credentials are and the devastating impact it could have if they got into the wrong hands.
- How to act when a potential security incident or intrusion attempt takes place.
  - A company should have ‘contingency plans’ in place for these events, to be executed in the event of an IT disaster. All employees should be briefed on this plan in case such an event occurs.
- How to use workstations and Internet connectivity securely.
  - There may be a fair use policy on top of that, preventing employees from browsing certain websites that might either be distracting or pose a threat. This may also prevent an employee from running applications that haven’t been approved. All these measures combined make good practice of the security policies put in place.
- What will happen if an employee does not abide by these policies.
  - In order to deter employees from breaking these policies, there need to be punishments in place. These need to be explained to employees so that they know the consequences and severity of what they are doing when a policy is broken. This could range from suspension all the way up to getting arrested.
- Always applying the latest updates and patches.
  - Employees should immediately be made aware to always download and install the latest updates for their anti-malware programs and any programs they use to improve the security of their workstation, and to perform full scans of their workstation at least once a week.

The security policy should be explained to an employee before they are let anywhere near a system. An uninformed employee who accesses the system without knowing any of the rules and procedures could lead to the network being compromised and important data being corrupted.

The security policies could be completed before any employee even signs a contract, as this allows a potential employee to review what they are getting into and shows how serious the company is about its security protocols. A signature from the employee once they have read and understood the policy will create an agreement of cooperation between the employee and the organisation that the policies will be followed.