COVID-19 stay-at-home orders have challenged the very fabric of the U.S. education system, particularly when it comes to providing underserved students with equal access to remote learning capability. Commonly referred to as the “Homework Gap,” a lack of equality in the distribution of internet connectivity, computers, tablets, and other IT services outside of schools – and in student homes –... Read More
If you’re in business today, there are three words that are critical for you keep in mind: Cybersecurity. Is. Important. As such, every business needs to have taken the time to put together a cybersecurity policy--a set of guidelines that instruct the business how to proceed with the highest level of security possible. We’ve taken the liberty of suggesting a few guidelines for your business to follow as you do so.
- Written by Ken Fletcher
- Published: 23 Mar 2020
Establish DefinitionsWhen you’re putting together a cybersecurity policy, there cannot be any uncertainty in what you are referring to at a given time. It is important for you to make it clear: if one of your policies references a “cyber incident,” what kind of situations could that apply to specifically? This makes it imperative that you clearly establish what certain terms you use in your policies refer to, relatively early on. Take the “cyber incident” example: does that refer to an attack by a cybercriminal, or does it refer to an internal mishap or equipment failure. If it does refer to an attack, does it describe a limited scope, or do all attack vectors (phishing, man-in-the-middle attack, et al.) fall under its umbrella? Remember, the person referencing this document will be a relative layman, so you need to make sure that these definitions make it clear to them what situation they are encountering and how to proceed.
Establish ProcessesWhen you are putting together a cybersecurity policy for your business to follow, the fundamental idea is to make sure everyone is on the same page in the event of some major issue, event, or need. Therefore, you need to make sure you create standards that apply to a variety of circumstances, such as the need for remote work to take place, what qualifies as acceptable use of the Internet, and the modern demand for improved passwords and other forms of authentication. You also need to remember that various regulations and other compliance requirements could come into play, and adjust your standards accordingly. As you document them, these procedures themselves should include:
- What protections are in place (and what they protect against)
- What backup policies are in place
- What the updating/patching process looks like regarding your protections