September 21, 2023
To develop a comprehensive cybersecurity plan, work with your IT department and management to craft a document that includes the best practices for handling, storing and accessing the personal data of employees. You will need to address:
- How the company will encrypt files that contain sensitive data
- Where hard-copies can be stored safely – preferably in a locked location
- How and when you’ll conduct internal risk assessments
- What employee information should be stored on the network
- Who will be allowed to view or edit sensitive employee data
- Under what circumstances employee information can be shared
- How this data should be stored and encrypted
- Who will oversee training
- Whether to hire a consultant to assess your network vulnerabilities
- Who will oversee security and serve as the go to person for questions
- How the company will manage a breach if sensitive data is compromised.
Once you have a plan in place, train both your managers and your employees in the new procedures. It’s also important for employees to understand the many ways thieves can get their or the company’s information. For instance, a cybercriminal who gets control of a victim’s social media account can defame and slander an employer and defraud an organization’s customers, partners, vendors and clients.
Training should include the importance of:
- Understanding the tactics that cyber thieves use to attack employees and corporations, such as phishing emails
- Using stronger passwords and securing the information
- Alerting a manager, HR and IT immediately about potential data breaches
- Using more secure networks
- Not accessing company information from public Wi-Fi.
Finally, it’s an excellent idea for your firm to carry cyber liability insurance.