Security teams may not be able to defend against every new hack or intrusion that crops up, but having strong policies in place is the first step in strengthening corporate defenses.
Intrusion detection policy
Data breaches are a fact of life for all modern companies. Enterprises must reduce cybersecurity risks and at the same time prepare for how to handle an intrusion.
An enterprise with a clear and concise intrusion detection policy will be ready to react and counteract intrusions into its network. A plan of action will reduce potential damage and protect vital enterprise data.
This Intrusion detection policy includes advice on how to set up a detection team, define requirements for intrusion detection analysis techniques, and identify systems, applications, and devices to monitor.
Identity theft protection policy
Identity theft is also a common problem for workers and individuals in these days of mobile banking and online healthcare portals. Identity theft can happen on home and corporate networks and cause an array of damage to consumers and businesses alike. Thieves use social security numbers, birth dates, driver license numbers, mother’s maiden names, accounts/passwords, and other personal information to impersonate someone else.
The thieves can open new accounts or access existing ones and engage in fraudulent behavior to the detriment of their victims. Hackers obtain this information through physical theft, unauthorized electronic access, or social engineering.
This Identity theft protection policy provides guidelines for protecting your own personal information and safeguarding employee and customer information. The California Consumer Privacy Act is only the first law that establishes penalties for loss and misuse of personal information.
Putting a privacy protection plan in place will reduce the risk of losing data in the first place as well as protect your company’s liability under this privacy law.
Mobile device security policy
Mobile devices are just as susceptible to data and security breaches as desktops or laptops. The same social engineering, phishing, and OS vulnerabilities which plague desktops and laptops are just as applicable to mobile devices.
This Mobile device security policy includes requirements for users, including guidance about: passwords, applications, and downloads.
There are guidelines for IT professionals as well including mobile management advice, available anti-malware software, and user support.
India will soon have a new cyber security policy, announced Prime Minister Narendra Modi in his speech on India’s 74th Independence Day Saturday.
Modi said that his government is aware of the threats emanating from cyber space and how they had the potential to impact India’s society, economy and development.
“Cyber security is a very important aspect, which cannot be ignored. The government is alert on this and is working on a new, robust policy,” he added.
The announcement was made in the backdrop of the government’s initiative to connect 1.5 lakh gram panchayats through optical fibre network, thereby increasing the country’s internet connectivity.
Policy needed to check increase in cyber crime
Modi said that when there is an increase in internet connectivity, cyber crime activity will also increase rapidly. This will happen with online transactions, data phishing activities and, therefore, a cyber security policy is a must to control cyber-related crimes.
“When the internet comes, there is always an increase in cyber crime risk. So we will soon come up with a new cyber security policy,” Modi added.
The Internet Crime Report for 2019, released by the USA’s Internet Crime Complaint Centre of the Federal Bureau of Investigation, has revealed that India stands third in the world among top 20 countries that are victims of internet crimes.
The report said that most cyber crime cases registered were for the motive of fraud, followed by sexual exploitation and causing disrepute.
What will the policy deliver?
The main aim of this policy will be to protect information and information infrastructure in cyberspace and build capabilities to prevent and respond to cyber threats, said a government official.
The policy will work on reducing vulnerabilities and minimising damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation.
"The objective is to create a secure cyber ecosystem in the country,” he said.
Moreover, the policy aims at enhancing the protection of India’s critical information infrastructure.
“This policy will enable protection of information and also effectively safeguard citizen’s data, (thereby) minimising chances of data theft and bringing down cyber crime in the process,” he said.
Apart from keeping cyber crime in check, the policy will also work on cracking down upon “misinformation being spread”.
According to a second government official, during the border tensions at the Line of Actual Control, Chinese and Pakistani social media activists had seemingly started campaigns on social media to allegedly spread misinformation against India.
“Spreading of such misinformation for propaganda also needs to be checked and will be a focus of the policy,” .