Often is the simple answer. Cyber security threat landscape is constantly changing, and policies and procedures need to be updated on a regular basis to address these changes. The workplace is also constantly evolving. At the start of 2020, who would have thought that a global pandemic would force most corporate offices to close and resume business with a remote workforce?
This is the change that COVID-19 brought with it for many businesses. The threat landscape changed as well, as hackers were busy crafting scams to mimic announcements coming from the World Health Organization (WHO). So, not only did the attack surface change, but some of the methods employed to attack have also changed. Did your organizations cyber security policy also pivot to accommodate these changes?
The dangers of not updating your cyber security policy is that it can leave you vulnerable to attacks, and potentially put you out of compliance with government and industry standards. According to Infosec Institute, you should be reviewing your policies at least once a year. Additionally, any of the following reasons should trigger a policy review:
- New branches or offices are opened
- New enterprise applications, network devices or services are added or updated
- New products or services are added, especially in cloud-based industries
- Systems are retired or decommissioned
- Changes are made in when or how employees work, such as offering a “bring your own device” mobile phone or computer policy, core work hours are changed or when employees are offered the ability to work remotely
- Services or operations are outsourced
The second to last point is key during COVID-19, as most organizations had to make changes to “how employees work.” Many organizations had to rely quickly on remote work, which lead to many workers using their own devices at home to access core data.
Are cyber security policies something that has you and your organization stumped? Not sure where to begin? Contact Uzado to help you build a policy that can grow and adapt to your changing business needs and the ever changing threat landscape.