IT Policies and Procedures: The Missing Piece of the Cybersecurity Puzzle

New technologies such as cloud services and mobile computing allow unprecedented efficiency, freedom and functionality. However, they also introduce new risks that are harder to control and have higher impacts when something goes wrong. Technical measures, such as data backups and virus protection, are important for maintaining cybersecurity.

However, they are only a part of the puzzle. They don't protect organizations from employees who take customer lists when they leave, internet downloads that slow internet connections, or systems administrators who peek at email containing HR information. IT policies and procedures can protect against this.

While there is no such thing as 100% cybersecurity, the following, in combination with appropriate technical measures, will provide organizations with a very effective level of protection.
 

1. Ensure that staff knows cybersecurity do's and don'ts
2. Ensure that staff has sufficient resources and skills to exercise its cybersecurity responsibilities
3. Ensure that staff knows what to do in case critical IT services are unavailable
4. Ensure that cybersecurity is considered in job performance appraisals and results in appropriate rewards and disciplinary measures
5. Ensure that staff has been vetted, especially staff in sensitive roles
6. Ensure that the organization is not dependent on one individual for any key IT or cybersecurity tasks
7. Ensure that privacy and intellectual property rights as well as other legal, regulatory, contractual and insurance requirements have been identified with respect to cybersecurity
8. Ensure that cybersecurity aspects have been considered in all service level agreements and the security competence of the service providers has been assessed
9. Ensure that cybersecurity guidance and contractual obligations for e-commerce and electronic payment exist
10. Ensure that applicable cybersecurity measures have been implemented, tested and kept up to date (e.g. data backup, archiving, access control, insurance, etc.)
11. Ensure that software patch installation and computer network maintenance procedures are followed
12. Ensure that access control and connectivity rules for internal and external users have been implemented based on business need and risk
13. Ensure that important computer equipment is safe from theft or damage (e.g. keep laptops and mobile phones on your person, ensure data backups are sent offsite, use operating systems with encryption on laptops)
14. Ensure that cybersecurity is an integral part of the application development process
15. Ensure that a business continuity program is established, implemented, tested and kept up to date
16. Ensure that there is a cybersecurity program in place based on IT risk, gap analysis and computer network performance monitoring


If the bottom line is higher on your priority list than cybersecurity or reputation, policies 1, 2, 4-6, 11 and 15 can prevent many of your more expensive IT support incidents.
