Hi everyone, welcome back. Cyber security is an important area of focus. A whole lot of data is being stored and transmitted digitally. This includes sensitive data that could potentially cause damage to someone or even a whole company. We will go over common policies and strategies that organizations use. This is a continuation of Cyber Security: Personnel Organizational Security Part 2, which can be found here. With this introduction out of the way, let’s get into it.
Companies may have several policies in place to protect their network from cyber attacks. In this article, we will focus on personnel policies. A number of vulnerabilities come from social engineering attacks where attackers attempt to learn information. More about social engineering can be found here. This newly learned information could potentially allow an attacker to launch a successful attack. Let’s look into some common policies and strategies.
The clean-desk policy sets out how employees should clear paperwork from their desks and clean up their working space before leaving the office. Any important or confidential items should be secured or properly disposed of before the end of the day. This helps prevent others from reading or taking any papers left behind.
Rules of Behavior
Typically found in a code of conduct, the rules of behavior list how an employee should behave at work. Most of these rules are common across companies, such as no bullying, no discrimination, and no sexual harassment. However, if working in a confidential environment, there may be a whole new set of rules to adhere to regarding security. These rules must be clearly defined and should be part of employee training.
Policy violations occur when an employee does not follow the procedures of a policy that was agreed to. Depending on what was breached, it may result in disciplinary action, such as a warning, a performance improvement plan, or termination. This may also depend upon the employee's behavior.