Cybersecurity threats are so severe that major countries at risk of these attacks have developed policies to deal with the problem. The world loses over $6 trillion annually to cybersecurity threats, and this number has increased five times during the current Corona pandemic (William et al., 2020). The world has become increasingly vulnerable to cybersecurity threats due to over-reliance on technology over the years, and cyberattacks have caused breaches at several organizations. These organizations rely on information technology to carry out various organizational processes such as accounting, keeping records of inventory, payroll and research. Almost every aspect of life is currently reliant on computers, ranging from military weapons, which are computerized, to the delivery of health care services, transportation and financial services (Clark et al., 2014). This dependence on computers has therefore led to the vulnerability of cyberspace to terrorists, hackers, and criminals, and it is critical that policies are developed to protect cyberspace.
Cybersecurity policies are technology and processes developed to prevent and lessen the probability of an attack, or the severity of the negative impact realized after cyberattacks, carried out by people with malicious intent against information technology (Clark et al., 2014). A negative impact on information technology can be described as an action that changes how a given piece of hardware or software functions. These impacts can also be positive, depending on the receiver of the action and the perpetrator. A successful cybersecurity policy protects information in all its forms, whether written, spoken, printed, or electronically recorded, from destruction and from accidental or unauthorized modification throughout its entire life cycle. Appropriate controls are used to protect the equipment and software used to transmit, store and process information.
A cybersecurity policy ensures that all systems are protected against malicious code capable of destroying, stealing or damaging information. A typical cybersecurity policy will include antivirus software that is installed on all systems and set to update itself automatically (Patterson, 2017). Secondly, a policy is established, for example on the use of strong passwords, and all relevant users are informed of this policy, which they are expected to abide by. All USB drives are then scanned for potential viruses, and all employees are made aware of the policy, after which they are trained on ways to comply with the new procedures.
A cybersecurity policy is risk-based and proportionate, meaning the policy should be developed on a clear understanding of the risks, vulnerabilities and threats likely to face the organization. The policy should be outcome-oriented, ensuring that at the end of its implementation the systems are protected from any potential threat, or that it at least reduces the chances of cyberattacks. A cybersecurity policy should be prioritized: not all threats are equal, and therefore an approach should be developed to rank risks in order of priority according to the needs of the organization.
A typical cybersecurity policy should also be practicable and realistic. For example, a small company cannot use the same policies as a large corporation because the cybersecurity risks are not the same (Zhang, 2013). Cybersecurity policies should also be respectful of privacy; that is, the new policies should not infringe on the privacy of employees. For example, a policy that spies on employees is not acceptable. The policies should also comply with the law; for example, access to data should follow the appropriate processes as stipulated in the law.
The various elements of cybersecurity policies can be articulated through training; for example, the employees of a company can be educated and informed on the various ways of maintaining system security. This can be achieved by rewarding those who follow the policy and punishing those who don’t. Cybersecurity policies can also be articulated by employing specialists who work within the company to ensure that the systems are always protected and that any malpractice or threat to the system is caught early.
A company needs to identify the biggest threat to its security as the first consideration in implementing a cybersecurity policy (Patterson, 2017). The company needs to consider the applicable laws and regulations before implementing a policy, because some policies might expose the company to violations of the law. The company ought to consider its operations, that is, how it collects and stores its information, its communication tools, and its available resources, which together determine the policy to be developed to cater for its unique needs (Patterson, 2017).
To ensure the ongoing success of a policy, all employees must be trained and informed about the new policies. Employees should be educated about the threats likely to be faced by the organization and the defense mechanisms they can apply. Additionally, the organization must regularly check and update the policy in line with emerging trends in cybersecurity attacks. Sensitive and crucial information that is emailed, stored or transported should be encrypted.