Cybersecurity Policies
SMEs should set up clear and specific rules outlined in cybersecurity policies for its employees on how they are expected to behave when using the company’s ICT environment, equipment, and services.
- Published
- September 01, 2021
These policies should also highlight the consequences an employee could face should they not adhere to the policies. The SME should ensure these policies are regularly reviewed, updated, communicated to employees, and that employees understand those policies,
Every SME employee should have the answers to these questions:
- Am I allowed to access the company network and systems from a home computer? Can I access work email using my private smartphone? And if so, what are the requirements?
- What is the process I need to follow when an supplier sends a request asking for their payment details to be changed?
- What should I do after receiving a phishing email?
- Am I allowed to use software that is not approved by my IT on my work computer?
- What is the approved method for me to share company data with others, especially those outside the company? Is there an approved file sharing platform that I can use?
- How can I access work email when accessing it over public Wi-Fi such as a hotel, airport, or indeed my home wireless network?
- How do I ensure my passwords are secure?
- The ideal policies should be short, succinct, with specific guidelines for employees to follow, and should be written in easy to understand language.