Creating a cyber policy for SMEs

Posted by Jillian Stewart on Nov 6, 2018 3:51:09 PM

To protect company data and systems from cyber attacks, SMEs must devise, implement and enforce a formal security policy. The policy needs to specify the systems and data that need to be protected against attacks and who is responsible for protecting them.

Staff are key to maintaining a culture of security in your business. The contents of your cyber security policy will guide employees on the use of technology and online behaviour.

Cyber risk profile

The first step in devising a cyber policy is to create a cyber risk profile for the business, which is discussed in How to become cyber ready.

Elements of cyber policy

The cyber policy should include guidelines on:

  • Passwords 
    • Storing passwords
    • Updating passwords
    • Different passwords for different logins
  • Sensitive data 
    • Identification of sensitive data
    • Encryption of sensitive data
    • Sharing sensitive data
    • Storing physical files safely
    • Destroying sensitive data 
  • Email
    • Sharing work email addresses
    • Opening email attachments
    • Blocking junk, spam and scam emails
    • Deleting and reporting suspicious emails
  • Work computers and devices 
    • Shutting down work computers and mobile devices when not in use
    • Locking screens
    • Use of work devices away from the workplace
    • Sharing of work computers and devices 
    • Storing devices when not in use
    • Theft or loss of a work device
    • Updates of software and security patches
  • Bring your own device (BYOD)
    • Use of personal devices 
    • Security protocols for BYOD
  • Removable devices 
    • Use of removable devices, e.g. USB sticks
    • Protecting data stored on removable devices
    • Protecting business systems from infected removable devices
  • Social media and internet 
    • Using the internet and social media during work hours
    • Using work email accounts on websites and social media
    • Sharing work information on social media
  • Cyber incidents
    • Responding to a cyber incident
    • Roles and responsibilities 
  • Cyber safety training
    • Core training
    • Regular updates
  • Disciplinary action
    • Compliance with cyber policy
    • Disciplinary procedures in the event of breach

SMEs should review and maintain their cyber security policy on a regular basis. With Dacreed's powerful online compliance training you can train managers and staff in cyber security. Once completed, you'll be able to demonstrate a lower risk profile to our partner insurers and get lower premiums – saving you and your business money along the way.
