Stories have appeared in the news this week suggesting that more criminal cyber gangs are now taking control of users' computers to watch every move they make. Now is the time to review those Internet security policies you have in your workplace...
You do have one, don't you?
Where an organisation allows employees and contractors to use the Internet, it must introduce appropriate policies and procedures to deal with the associated security risks of workers being online. Risks can cause the organisation damage and cost in downtime, wasted resources, data loss and intellectual property loss.
The organisation should only make Internet and computing resources available to authorised workers who require them as part of their employment duties. Deploying adequate security measures around the use of the Internet will protect your business systems and networks from viruses, worms and other malevolent electronic bugs.
Taking such measures will also guard employees and those on contract against inappropriate or illegal materials sent or downloaded either deliberately or by mistake.
Internet security in the workplace
What to consider...
- Put in place appropriate measures to maintain a high level of security for access to Internet resources, including passwords, which should be kept confidential to individual users and changed regularly (at least every 3 months);
- Nominate an appropriate staff member to have responsibility for Internet security measures;
- Undertake a risk analysis of potential security threats and implement a risk mitigation strategy. Legal exposure and liability may be reduced if the organisation can show all reasonable steps were taken to identify and reduce the Internet security risks which may endanger the organisation;
- Have detailed plans on how network and data security will be maintained. The organisation should identify what information regarding Internet activities (including worker activity) will be recorded for audit purposes. This will allow those responsible for security to know exactly what information needs to be recorded and allow Internet users insight into what data is recorded regarding their activities;
- Lay down procedures for detecting compromises in Internet security, restoring security and preventing breaches from recurring;
- Have Internet security regularly reviewed by an external security expert;
- Put in place a training and awareness programme to ensure that all workers using Internet facilities are aware of current policies, procedures, risks and consequences.
If you need help in identifying the Internet security risks in your business, or want help in writing out a policy - E RADAR can help. Send us an email and we'll get back to you promptly.