Enterprise Software Singapore | SQL View

Providing Electronic Record & Document Management System & Facility Management System

How to create an Acceptable Use Policy for Employees

 

How to create an Acceptable Use Policy for Employees

The Cyber Security Agency of Singapore has seen a significant increase in cyberattacks over the last year affecting private users and organizations regardless of size or industry. Breaches are growing more sophisticated and evolving into major systemic dangers as the cyber landscape gets more complicated and dynamic. And with the surge in remote working due to the pandemic, it has increased the surface of cyberattacks. A breach of any company’s network and applications has far-reaching consequences as victims could include large vendors with sizeable customer bases.

Earlier this year, the Cyber Security Agency of Singapore launched the ‘Better Cyber Safe than Sorry’ campaign that focuses on four key elements:

  • Using strong passwords and two-factor authentication to better secure online accounts.
  • Vigilance and being able to identify signs of phishing.
  • Installing anti-virus software to prevent malware infections.
  • Regularly running updates and implement software patches to ensure devices are protected.

However, this is simply not enough to safeguard a  company from online threats. The increased frequency of cyberattacks highlights the need for organizations to examine their cybersecurity posture and ensure that their systems are built to be robust against cybercriminals. Furthermore, despite the fact that more individuals are becoming aware of the hazards and consequences of cyberattacks, many users still believe they will not be targeted and victimized.

This emphasizes the need for HR departments to define and enforce an Acceptable Use Policy. It should outline the standards on how employees may use the Internet, a network, or a linked device that touches the organization’s IT infrastructure.

1. Define which websites are acceptable and unacceptable

Employees that visit unsecure or inappropriate websites may unintentionally put your company at risk. There is a chance that the site contains dangerous content particularly with malware on adult and gambling websites. Your staff will know what is and is not acceptable if you have a policy in place.

2. All devices need to be secure

It is not important who owns a device – what is important is securing any device that is used for work purposes. A clear policy is needed to regulate any device ownership model, whether it’s BYOD or corporate owned. Because common business apps might be compromised, mobile device management can help strike a balance between use and control. The more apps your staff install, the more attack routes are available to hackers. Where possible, restrict employees to apps that have been approved by the company. Your policy should also address the various ways in which a mobile device interacts with the outside world. Custom apps are just one example of a possible security hazard. SD cards, Bluetoo