Organizations need to start by playing a game of ‘what if’. That is, they should conduct a thorough risk assessment that looks at:
(a) all the risks the business faces,
(b) how security might be compromised
(c) the cost to the business of a breach and
(d) how effective the mitigation strategy is.
Factors that influence this include how the business functions, where staff operate, what devices they use to conduct business and where corporate data is stored. As a starting point, here’s a list of the key building blocks of security policy:
- Assess the risks.
- Establish policies & procedures.
- Create an outbreak response plan and a team to manage it.
- Deploy appropriate security solutions.
- Define a security update strategy.
- Document the policy.
- Develop a staff awareness strategy.