Following a year in which a series of cybersecurity threats, like the hacking of Sony Pictures, grabbed headlines and brought a new sense of urgency, the President made sure to talk about cybersecurity in his 2015 State of the Union address. He followed this with a series of more detailed proposals that, if enacted in legislation, would require companies to disclose more data to the government and to notify their customers within 30 days of a security breach.
The possibility of new regulatory compliance standards has many small businesses wondering what they should be doing now and how they’ll pay for it. The good news is that there are simple and proactive steps companies can take to ensure compliance and enhance the security of their data.
Based upon the substance of the President’s proposals, companies need to consider the following cost-effective solutions.
1. Establish a Formal Policy for Cloud Security
To ensure that your employees are able to work securely not only at work, but also at home and while traveling, your company should adopt a policy with clear directives regarding the management of employees' laptops, tablets and phones. This should include firm standards for a "bring your own device" policy, so that personal devices used for work are covered by the same rules as company-owned ones.
2. Train Employees on the Security Impact of Their Digital Behavior
Your employees need to understand how attackers operate and what they themselves can do to enhance security. By scheduling regular training sessions with IT leaders, employees can stay informed about the latest developments in computer security and the tactics that cyber criminals are currently using.
3. Promote a Team Approach
Your employees need adequate support from both you and their coworkers in their efforts to maintain security. Encourage them to work with you and each other as members of a team in identifying and reporting any potential security breaches they encounter or are unsure about.
4. Implement a Security Breach Response Plan
Security breaches can occur even when you take all reasonable steps to avoid them. For this reason, you need to have a detailed incident response plan in place before a breach occurs. Share the plan with your employees and train them in the steps they need to take when an incident happens. Your plan should classify security incidents by type and severity, so that the response matches the event, and it should include a clear set of standards for crisis communications. Once your incident response plan is in place, test it periodically, for example with a tabletop exercise, to confirm that it works effectively and efficiently.
It's understandable that companies have concerns about the constantly shifting landscape of data security, cyber attacks, and breaches. But you can allay whatever fears you have regarding compliance, and enhance the security of your data, by establishing a proactive plan. It is also important to train your employees so that they understand and conform to the policies and standards of the compliance management solutions you implement. Check out our free eBook on social engineering to learn more about staying secure.