8 Essential Policies & Procedures for Improved Cyber Security

2. Multi-Factor Authentication for Devices and Applications

3. Automatic Updates and Patching

4. Daily Backups

6. Device Security

7. Lost or Stolen Personal Device Procedure

8. Social Media Security Policies

We’ve all seen them – an email asking you to pay an invoice or change bank details from an apparent client or trusted individual. These schemes (phishing) are getting much better all the time, so it’s important to put procedures in place to mitigate against these losses, even when it’s near impossible to identify the fraudulent emails from the legitimate ones.

A call-back procedure is when you verify requests to pay an invoice for the first time or alter bank details by calling a trusted person at that company.

Step 1
You have received an email/call to pay a new invoice or set-up/update payment information. This includes setting up a new supplier/vendor/other or making any changes to their payment details.

Step 2
Verify the request before taking any action by calling a trusted representative of the company directly to confirm that the request or the payment information is accurate and came from them.

It is simple to get started and most systems have this functionality already – you’re probably already doing it for a lot of them. The standard way of doing this is by making it so you need both a password and SMS code to login to an account or system.

• Combination of passwords and other authentication methods for devices and applications (i.e. SMS codes, keycard, facial/fingerprint recognition).

Australian Government – Implementing Multi-Factor Authentication

Software updates are more than the glamorous changes to the operating system on your phone – software companies (Microsoft, Apple) use “automatic updates” as bug fixes and security patching to ensure security is up to date and any errors or holes are fixed as soon as possible. By turning on this feature, your devices and applications will automatically update to keep your device/network secure.

Australian Government – Step by Step Guide: Turning on Automatic Updates

• Monitor privacy settings for frequently used applications (i.e. social media)
• Automatic screen lock so a device is not accidentally left open and easily accessible.
• Unique passwords that are updated regularly.

• Antivirus software that is kept up to date (don’t ignore those update reminders!)
• Avoid free wireless networks for business devices or applications. This includes using your personal device for work applications (i.e. email while travelling) because free wireless networks are an easy way for cybercriminals to hack into your systems.

• Wiping data from a stolen device. Most devices have this function already – if a device is stolen, it is reported and then all data is wiped from the device. This may seem like drastic measures, but if you have backed everything up then you won’t actually lose much – but it prevents someone else from accessing your data.

• Ensure the device is backed up so the data is not lost with the device.
• Ensure any ‘find my device’ function or the ability to encrypt the device are activated, as these measures can provide additional security in the event of it being lost or stolen. It can also help get the actual device back

• Limited number of authorised users have access to company social media accounts;
• System in place to immediately revoke user access if they are no longer at your company;
• Outline what can and cannot be posted on company social media accounts;

• Outline the process for responding to complaints or inappropriate comments;
• Process for regaining control of hijacked company social media accounts, which can be facilitated with the help of your IT provider;

This article from the Australian Government provides some useful tips for social media security policies:

Australian Government – Security Tips for Social Media