Having the right protections in place won’t alone protect you from today’s cyber attacks. Companies should also ensure they have the proper policies and procedures in place to protect against human mistakes. Some of these would be policies around money transfers, bank wires, and credit card activities. Also policies around sending passwords or other company information via email. A company at a minimum should have these policies:
- IT use policy – document that explains what employees should and shouldn’t do with their computers and technology services
- Procedures for bank wires, credit cards, and other financial activities. Who can do them and how they should be approved using an analog process.
- Disaster plans – power outages, building loss, key employee, ransomware, account compromise
- Asset list – all assets of company including model and serial info.