Twelve Unreviewed Policies
It's the last day of Threatmas, which means it’s time to stop and think about the past year and the years ahead. Internal company policies might not be the most exciting thing to be thinking about at this time of year, but they play an important role in guiding your team as they deal with the threats we’ve discussed and more.
Whether you review them now, or later in the new year, here are some areas that should be included in your policies and reviewed annually:
- Your overall Information Security Policy, including:
- The expectations of your team when they Join, Leave or Change roles in your business,
- Details of how Security Awareness is managed,
- The systems that Protect and Backup your data, and
- How you respond to Security Incidents.
- Clear guidance on what’s considered Acceptable Use by your team, including:
- What your team can Remotely Access,
- When it’s appropriate to engage on Social Media, and
- If they can access your systems Using their Own Devices.
- Details of Change Management practices, including:
- When and how your Suppliers and Support Providers can access your systems, and
- How data and devices are Securely Destroyed when no longer needed.
As one last Threatmas bonus, this is also a good opportunity to review your Cyber Insurance Policy and discuss any changes you might need to make with your broker. We’ve recently launched a Cyber Insurance Security Pathway to help with this if you’re not sure where to start.
If you’re after some help creating or reviewing your Information Security Policies, you can register for our upcoming Information Security Policy Pathway.
This is the last post in our “12 days of Threatmas” series. We hope you found it useful and took away something to help you and your business stay secure into the new year.
Enjoy the holidays!