
Employee Security Policy (Cyber Security Part 2)




Employee Security Policy
Culture
Employee Bonding and Buy In
Relationships are worth more than products
People telegraph their intentions, fire them BEFORE they become a problem
Seek to understand employee problems and then find where YOU can yield
Managers are employees too…
Build a network of influencers and get their buy-in
IT and the CEO
What does the CEO envision
What are the CEO’s goals
What are the CEO’s priorities
IT and HR
Understand the hiring and firing process
Understand what issues HR is having
Understand what the rules and laws are for employers
IT and Legal
Understand what the legal priorities of the company are
Understand what regulations affect your company (HIPAA, PCI)
Create a connection so when asked to do something questionable you have someone to call
IT and Marketing
Understand what data Marketing wants
Understand what systems Marketing uses
IT and Employees
Understand what the employees are supposed to do
Understand what the employees actually do
Understand Pain Points
Acceptable Use Policy
Tell your employees what is and is not acceptable use of electronics equipment.
Have them sign the dotted line…
Many free templates available.
Don’t just copy/paste a template. Think about what you are telling your employees to sign.
Stupid contracts breed contempt….
Written Employee Policies
Having written policies keeps everyone on the same page
Written policies make discipline easier
Have a formal review process for policies with timed revisions and updates
Social Media Policy
“Cancel Culture” is real
Make sure employees understand where the company stands
Do you want employees putting who they currently work for on social media?
DON’T FRIEND COWORKERS
Standards for Discipline
Rules NEED punishments
Document what the punishments are, and why they are implemented.
Make discipline actions as public as possible (Legal considerations)
“Discretion” is “racism/sexism/ableism/ismism”
Worth the Argument?
Sometimes “because” is an appropriate answer
In Debate Culture YOU LOSE
Fighting is more fun than working…
Deal with it in PRIVATE
Business is a decision, what do both sides actually care about
Separation of Authority
No one person to blame
“I would, but… THEY won’t let me”
Digital Surveillance (Video and Audio)
Email Scanning
Scan emails for objectionable words, bounce back emails and notify that the email was logged.
Communication is about more than “email”
BYOD Issues
If THEY own it what rules can you have?
Create separate networks for BYOD
Build a ZERO TRUST infrastructure
Shadow IT
Why are employees using Shadow IT?
What Pain Point is Shadow IT solving?
Bring Shadow IT into the light.
Shadow IT NEEDS consequences
White Lists/Black Lists and DNS
Use DNS filters and such to prevent users from going to inappropriate sites on company equipment.
Give employees a safe passage with guest network access for their BYOD
System Auditing
Have systems continuously audit the infrastructure
User logons
Device Discovery
Available Network Services
SSIDs
Asset Tracking
Create a process for Asset Tracking
If a laptop is stolen, would you know?
Physical Access Control
Locks keep good people from doing stupid things
Create access control between departments, building floors, and IT infrastructure
Create a process for gaining access
Audit who has access to what areas
Logs and Real Time Notifications
Create systems to notify admins in real time about security issues
Disabling Terminated Employees
Zombie Accounts are a HUGE problem
“Security” is about more than firewall ports.
Create a Coffee Budget


Source by Eli the Computer Guy
