Are your employees using their own computers? Then you need a company network policy!
If your employees are using their own computers, you absolutely need a company network policy in order to protect against cyber attacks.
What, exactly, are the cyber security risks of employees using their own computers to connect to a company network? We’ll show you.
The Worst-Case Scenario
Take a moment to consider the following scenario:
In an effort to fend off cyber attacks, your company has invested in the latest and greatest, equipping offices with the most secure PCs and software. However, you employ a number of remote workers who connect to the company network from their own devices, some of which may be lacking when it comes to security. (For example, maybe one of your remote employees has not upgraded from Windows XP, and their machine hasn’t seen any security updates from Microsoft since April 2014!)
As a result, any company data present on this computer is up for grabs, and hackers steal every bit of it. Malware from this breached machine also makes its way to the company network, leading to a larger scale cyber attack.
Not only is your company reeling from this attack, but thanks to the General Data Protection Regulation (GDPR), you’ll have to prepare for an uncomfortable chat with the data commissioner.
So, have you taken the time to educate your employees about the risks of using outdated personal devices to complete company work? Do you have any established policies to prevent a situation like this one?
If not, it’s time to get started.
Developing and Implementing Policies
You can see from this scenario that network policies are crucial for any company trying to protect itself from cyber attacks and to prevent private company information from finding its way into the wrong hands.
If your company allows its employees to access its private network from non-company devices, you’ll want to consider the following ways to reduce the risk of cyber attacks:
- Develop and distribute a network policy that clearly outlines the minimum standard devices must meet before connecting to the company network.
- Consider enforcing a BYOD (Bring Your Own Device) policy, outlining:
  - Whether or not employees may connect non-company devices to the network.
  - When they may connect non-company devices to the network.
  - Any special instructions for how they should connect their non-company devices to the network.
- Implement a remote working cyber security policy which describes expectations for employees who choose to complete company-related work offsite.
- Consider, at regular intervals, whether your company should permit only company devices to connect to the network.
- Organise employee training via modules, meetings, or lectures to raise awareness about the risks of connecting devices which don’t meet security standards.
There are numerous ways you can protect your business from cyber attacks, but implementing policies about how the company network is used and accessed is one of the core steps you can take to reduce the risk.
If you need assistance with any of the topics outlined in this article, send us an email or give us a call. One of our team will be happy to discuss it with you. For a more comprehensive cyber security consultation, book a free, no-obligation consultation at your business premises today.