The world of cybersecurity consists of “the protection of information resources, …other assets” and the person or persons to whom the information belongs (Von Solms & Von Niekerk, 2013, p. 97). An organisation must incorporate security measures that are not only designed to protect the network and its components and the information stored on its servers, but also the steps necessary to ensure that the human component is addressed as well, moving beyond the realm of digital security to incorporate aspects of physical security. Several recommendations can be made, in terms of policies and structure, to an organisation in order to ensure that its cybersecurity practices and policies are as stringent as possible. When designing cybersecurity measures, the type of organisation matters, as does its layout, structure, and its resources, including its human resources, its digital resources, its physical resources, and its financial resources (Safa, Von Solms, & Furnell, 2016; Trim & Upton, 2016). The example cybersecurity policies and procedures detailed below are designed with a small business in mind.
The organisation should first ensure that all computer terminals and servers on which customer or business information is stored are secured. Servers and computers should be locked when not in use, requiring employees to enter a username and password combination to access any information on the system. All passwords should be changed once every four to six months, and employees should be required to sign and agree to all security policies and procedures in writing, with punitive actions taken for any breach by an employee. Passwords should not be given out to anyone else, regardless of whether the individual works for the company, and care should be taken to deactivate the accounts of any employees as soon as they cease working for the company. Firewalls and antivirus software should be present on the network, and network monitoring should be standard. All hardware and software updates should be scheduled and implemented as soon as they are available, and all data should only be transferred in an encrypted manner. In terms of physical security, the organisation should ensure that its network is not easily accessible by patrons who enter the building.
All computers should be kept separate from the customer areas, and if a computer must be placed in a customer-facing area, it should be in a locked cabinet or container, preventing access to any of its ports by any individual walking in off the street. The physical building should be secured during non-business hours, preventing any unauthorised access to the computers. If wi-fi is enabled within the organisation, it should be password protected. Furthermore, if wi-fi is enabled for customer use, the organisation's own systems should not be connected to the customer-accessible wireless network. Logging should be enabled on all organisation systems, recording the username of the individual making any changes or performing any actions. Finally, all employees should be trained in basic security protocols, including not opening attachments, not installing anything on the computers, not accessing personal content during work time on work machines, not using the company network for personal use, and other standard considerations.
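Several of the policies above (passwords rotated at least every six months, accounts of departed employees deactivated immediately, and every logged action attributed to a username) can be checked mechanically rather than left to a signed agreement. The script below is an added example, not part of the original essay or any cited work: it audits a constructed account roster and a few constructed log lines against those three rules. The roster fields (`user`, `active`, `employed`, `password_changed`) and the log line layout (`timestamp user action detail`) are assumptions chosen for the example; a real deployment would read these from the directory service and the system logs.

```python
"""Audit a small-business account roster and action log against the policies
described above. Added example with constructed data; the roster fields and
log format are assumptions, not a real system's schema."""
from datetime import date

# The policy allows four to six months between changes; six months is the
# hard upper bound, so anything older than ~183 days is overdue.
MAX_PASSWORD_AGE_DAYS = 183

# Constructed roster: one record per account (assumed field names).
ACCOUNTS = [
    {"user": "alice", "active": True,  "employed": True,  "password_changed": date(2023, 11, 1)},
    {"user": "bob",   "active": True,  "employed": False, "password_changed": date(2024, 5, 2)},
    {"user": "carol", "active": True,  "employed": True,  "password_changed": date(2024, 5, 20)},
    {"user": "dave",  "active": False, "employed": False, "password_changed": date(2023, 11, 1)},
]

# Constructed log lines in an assumed "timestamp user action detail" layout.
# A "-" in the user field stands for an action the system failed to attribute.
LOG_LINES = [
    "2024-06-01T09:12:00 alice open_customer_record 4411",
    "2024-06-01T09:15:30 - delete_customer_record 4411",
    "2024-06-01T10:02:11 carol export_report monthly",
]


def audit_accounts(accounts, today):
    """Return (username, finding) pairs for policy violations in the roster.

    Two checks are applied to every *active* account:
      * password_overdue     - last change is older than MAX_PASSWORD_AGE_DAYS
      * departed_but_active  - the person no longer works here but can still log in
    Inactive accounts are skipped: a disabled account cannot be used, so its
    password age no longer matters.
    """
    findings = []
    for acct in accounts:
        if not acct["active"]:
            continue
        age_days = (today - acct["password_changed"]).days
        if age_days > MAX_PASSWORD_AGE_DAYS:
            findings.append((acct["user"], "password_overdue"))
        if not acct["employed"]:
            findings.append((acct["user"], "departed_but_active"))
    return findings


def audit_log(lines):
    """Return log lines that carry no usable username.

    The policy requires every logged change or action to name the individual
    responsible; a missing or placeholder user field makes the entry useless
    for accountability and is reported.
    """
    unattributed = []
    for line in lines:
        parts = line.split(maxsplit=2)
        if len(parts) < 3 or parts[1] in ("", "-"):
            unattributed.append(line)
    return unattributed


def run_audit(today=date(2024, 6, 1)):
    """Run both audits and return a summary dict (today is fixed for the demo)."""
    return {
        "account_findings": audit_accounts(ACCOUNTS, today),
        "unattributed_log_lines": audit_log(LOG_LINES),
    }


if __name__ == "__main__":
    for key, value in run_audit().items():
        print(f"{key}:")
        for item in value:
            print(f"  {item}")
```

The audit date is fixed so the output is reproducible; replacing it with `date.today()` turns the script into something that can be scheduled alongside the password rotation and leaver process it checks. The point of the log check is accountability, not detection: an entry with no username cannot be traced back to the employee who made the change, which is exactly the gap the logging policy is meant to close.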
Cybersecurity is a vital component of the success of a business in today's digital world. As data breaches become increasingly frequent, care should be taken by all individuals to ensure that their personal information is secure. The safety and security of electronic data is a responsibility for organisations and individuals alike. Today's world is increasingly digital, and it is an organisation's responsibility to treat cybersecurity with the same gravity as physical security.
- Sohrabi Safa, N., Von Solms, R. and Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, pp. 70–82.
- Trim, P. and Upton, D. (2016). Cyber security culture: Counteracting cyber threats through organizational learning and training. New York, NY: Routledge.
- Von Solms, R. and van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, pp. 97–102.