When was the last time you evaluated your cybersecurity protocols and policies?
If the answer is more than three months ago, it’s time to put on some yellow gloves and get to work cleaning them up so they are updated and shipshape for spring.
Cybercrime damages are expected to cost the world $6 trillion annually by 2021, according to the 2017 Cybercrime Report. As we saw recently with the Facebook data drama, regardless of industry, company size, yearly revenue or location, your organization is a target for cyber criminals. The threat is not going away anytime soon either, as Symantec found that ransomware attacks increased by 36 percent in 2017.
Especially in HR and benefits, you’re sitting on a goldmine of data that needs to be protected.
To keep your protocols and policies up to speed, use these four steps to make your organization more effective and secure:
- Audit your data. The first and most important step you must take is to audit your data using a risk management approach. This will help you understand where your most valuable data lives, and then you can prioritize your resources to protect that data. Conducting an audit once a quarter will ensure you are staying on top of movements or changes that are impacting your data’s location. Coming out of the audit, adjust your policies and protocols accordingly to take these priority areas into account. You can even hire white hat hackers to find holes in your security. Don’t worry about safety; we did it.
- Write your policies in layman’s terms. If your employees don’t understand the security policies, they won’t be able to follow them. Simply put, make sure your policies are written in terms that any employee can comprehend and follow. After writing your policies, run them by a handful of employees in different departments to ensure they will be universally understood. As you likely know, human error can be a big driver of corporate attacks, so taking control with a well-written policy can put an end to that.
- Check your industry compliance. Given the sensitivity of data today, compliance requirements can change frequently, especially if you’re in a highly regulated industry like healthcare or finance. Add a compliance check to your security spring cleaning as well, and cross-check that your own policies are up to date.
- Communicate the policies. Finish out the security spring cleaning by communicating any revisions to your employees. It’s most effective to provide the information in a handful of ways, such as e-mail, a webinar, and an in-person session if possible. This provides employees the option to choose the learning format that suits them best.
Keep your cybersecurity up to date and read more below.