Corporate policies for the use of email to support sound cybersecurity include the following:
Remote Access Policy (RAP)
The mode in which company employees access the internal network of an organization should be guarded by certain rules and regulations
Network Security Policy (NSP)
Computer network access should be restricted by well-outlined rules and guidelines
Email/communication policy
The usage of various communication channels and emails within an organization should be regulated (Yan, Qian, Sharif, & Tipper, 2012)
Internet Access Policy (IAP)
All categories of employees accessing internet connectivity within an organization should follow some well laid down rules and guidelines
Acceptable Use Policy (AUP)
This policy refers to the fair usage of an organization’s cyber network whereby the manager or owner of an organization should apply a set of rules and regulations on how to use the network platform of a firm.
In order to support the email policies outlined above, the IT management team alongside the executive arm of an organization should stress to employees the significance of cybersecurity. Regular workshops congregating all the employees should be organized so that they can be informed about the importance of being secure in cyberspace. Employees should understand the potential risks of cyber attacks (Von Solms & Van Niekerk, 2013). For example, employees should appreciate the fact that the operations of a company can be brought to a halt in the event of a cyber attack. Their individual efficiencies can also be compromised if they do not secure their immediate cyberspace.
Second, all internet users in an organization ought to be taught effective password management practices. The cybersecurity of an organization can be broken down by weak passwords that employees use in their e-mails. Employees should be encouraged to use passwords that cannot be easily compromised. Other password guidelines include using the same or similar passwords in various web pages, sharing passwords, and storage of passwords.
All internet users in an organization should be in a position to detect different types of phishing scams. Employees should be taught how to detect suspicious emails delivered into their inboxes and also avoid opening such emails at random. In particular, using external email architectures (such as Yahoo and Gmail) on a company’s cyberspace should be discouraged. Opening attachments without clearly establishing the sender should be avoided. In addition, confidential company information may be leaked through the phone. Hence, employees should be warned against exposing confidential data to unknown or unwarranted individuals.
Other measures include applying regular updates, protecting sensitive data, and locking computers and other machines used to connect to a company’s network.
A number of supporting guidelines and recommendations to support the mandatory policies, procedures, and standards can be adopted by organizations that desire to secure their cyberspace. For example, all portable media are supposed to be secured (Eastton & Taylor, 2011). Limiting access to portable media like laptops and phones is a major security measure. Before connecting a device to a company’s network, it is highly recommended for such devices to be scanned.
Moreover, stolen or misplaced company’s devices are to be reported to the IT security department as soon as possible. In some cases, attackers can easily gain access to a company’s network through stolen devices (Whitman & Mattord, 2011). It is possible for the IT experts of a firm to wipe the stolen and vulnerable devices before attackers can use them.
Employees and other internet users in an organization may be informed on how to play active roles in the cybersecurity of a firm. For instance, any unusual activity in their emails and connections must be promptly reported to the Information Technology administrator.
When using social media accounts, employees are supposed to apply optimum privacy settings. They should limit access of private information to the outside world except those who are in their accepted contacts (Andress & Winterfeld, 2013).
An organization’s workstations/computers and servers should also be fully installed with patch management applications. In case of any vulnerability, cyber attackers cannot penetrate patched systems.
References
Andress, J., & Winterfeld, S. (2013). Cyber warfare: techniques, tactics and tools for security practitioners. New York: Elsevier.
Eastton, C., & Taylor, J. (2011). Computer Crime, Investigation, and the Law. Boston, MA: Course Technology, Cengage Learning.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. computers & security, 38, 97-102.
Whitman, M. E., & Mattord, H. (2011). Reading & Cases in Information Security: Law & Ethics. Boston, MA: Course Technology, Cengage Learning.
Yan, Y., Qian, Y., Sharif, H., & Tipper, D. (2012). A survey on cyber security for smart grid communications. IEEE Communications Surveys & Tutorials, 14(4), 998- 1010.