6 Things to Include in Your Company’s Cyber Security Policy

In 2017 and beyond, it’s pretty safe to say that cyber security threats are only going to increase.

The crazy part is that networks and computers themselves aren’t the biggest risks a company has – it’s the people. According to the 2014 IBM Cyber Security Intelligence Index, more than 95% of all investigated incidents involved human fault.

Obviously, human error is something that can’t be removed completely; however, incidents can be minimized through robust cyber security policies and adequate employee training.

This article discusses the 6 key points that you should include in your company’s cyber security policy.

1. Proper Password Creation and Management

Employee network accounts are often the easiest and most frequent targets of cyber attacks. Brute force hacking is a method hackers use to guess a user’s password by trying many candidates until one works.

A good password can literally make or break your business’ cyber system. Your policy should include information on creating strong passwords with lower and upper case letters, symbols, and numbers. It should also cover how often to change passwords and how to properly store them.

2. How to Apply Patches and Updates

If your company has an effective network security scanner, system updates and patches are usually implemented automatically. That said, your policy should still cover how to manually update anti-virus programs, apply security patches, and address other cyber security risks.

These types of updates are typically released fairly often, so perhaps have your employees check once a week to ensure everything is up-to-date.

3. Detecting “Phishing” and Other Email Scams

“Phishing” is when an outside email makes its way into your or your employees’ inboxes as an enticing offer with the malicious intent of acquiring information.

To many people, phishing sounds ridiculous.

“Who would fall for something like that?”

Well, as it turns out, more than you’d think.

Awareness and proper training are your best defenses against these kinds of attacks. Never click on a link from an outside email unless you know the sender and are 100% sure that it’s safe.

4. Properly Locking Computers and Electronic Devices

The risk of an internal threat to your cyber security system is usually higher than someone trying to hack in from the outside. Make sure your policy covers locking computers or logging out when employees leave their workspace.

This can be especially useful for businesses located in an office park, where other people outside the company have easy access to the inside of your building.

5. A Process for Reporting Lost or Stolen Electronics

A lost cell phone, especially if not password protected, can be an entry point for someone with malicious intent to access your system. To prevent this, employees should first password protect their devices, and second, the cyber security policy should discuss what to do when a device is lost or stolen.

Usually, prompt reporting of the stolen device to IT can ensure that the device is wiped of sensitive data and no threat is possible.

6. Regular Scheduled Trainings to Tie It All Together

Even the best cyber security policy is useless if no one uses it or even knows it exists. Make sure that all new employees go through some sort of training to understand proper defenses. Then, ensure regular trainings are provided to keep cyber security fresh on your employees’ minds.


As a business owner, you are responsible for the safe handling of your, your employees’, and your customers’ sensitive information. Creating and implementing a sound cyber security policy is one of the best first things you can do to protect everyone.