Hi everyone, welcome back. Cyber security is an important area of focus. There is a whole lot of data that is being stored and transmitted digitally. This includes sensitive data that could potentially cause damage to someone or even a whole company. We will go over some common policies and strategies that organizations use. With this introduction out of the way, let’s get into it.
Companies may have several policies in place to protect their network from cyber attacks. In this article, we will focus specifically on personnel policies. A number of vulnerabilities come from social engineering attacks where attackers attempt to learn information. More about social engineering can be found here. This newly learned information could potentially allow an attacker to launch a successful attack. Let’s look into some common policies.
When a new employee is hired, they are likely to go through an on-boarding process. This process will vary from company to company, but it’s overall goal is to bring the new employee up to speed on the company and its culture. This will include any security training and specifying which devices that can be used for work purposes. Personal devices may also be screened for viruses or applications that could potentially cause damage to the company.
When an employee is leaving the company, any related data on a personal device should be removed. Data regarding the company should not be left with a former employee.
Separation of Duties
Separation of duties means that each person has their own parts of a tasks to do, and only their parts. Once a part of a task is completed it gets passed to another person. This is an internal security measure to prevent any malicious intent that might occur, this can also prevent accidental errors as well. For instance, a company can have one person receive payments and have another person authorize payments rather than have only one person manage all the money. The two workers in this case will keep each other in check.