Information Security Best Practices: Annual Updates and Reporting

Don’t let all your hard work go to waste. The worst thing to do after investing time and resources into your information security program is to allow it to sit on the shelf and become obsolete. Threats and risks are changing daily and it is imperative that your policies stay up to date. Requiring an annual review, with results are reported to the Board of Directors and senior management, will help to ensure that your program remains current and can handle any future incidents.

Information Security Best Practices: Incident Response

Hands down, the worst time to create an incident response program is when you are actually having an incident. You can’t undo what has happened and you’re in crisis mode dealing with the after effects of the breach.

Not the time to be putting policy to paper.

Your reputation is severely at risk, and if you respond inadequately you risk making it worse with law enforcement as well as your customers. Act as if a breach is inevitable and take the time to develop the language and procedures you will use in the event of an incident to ensure you’re prepared when the time comes.

Information Security Best Practices: Employee Awareness Training

How well informed are your employees to identify or prevent a security incident? Each and every one of your employees can act as a member of your own security army with some simple training. The first step in recruiting them for the cause is to set the expectations appropriately and communicate those expectations in your policy.