
Posts Authored by Dirk Zwart

Preview of Gartner Security & Risk Management Summit 2017

Four days of security discussions, over seventy-five speakers, and six program tracks: these are the numbers exciting cybersecurity professionals around the nation as they prepare to attend this year’s Gartner Security & Risk Management Summit. Taking place from June 12-15 in National Harbor, Maryland, this summit is one of the biggest and most important of the year.

Linoma Software, a HelpSystems company, will be attending this premier gathering of security, risk management, and business continuity management leaders to take in this valuable informational experience.

Here are some must-see sessions that we’re looking forward to:

What Can We Expect from the EU’s General Data Protection Regulation?

June 12, 2017 | 10:00 AM – 11:00 AM | Carsten Casper

Are you ready for GDPR compliance? Do you have a timeline in place to implement the required security protocol? The latest cybersecurity compliance regulation out of Europe has companies around the world wondering – does this apply to us? This session will go into full detail about the regulation, as well as what actions IT departments in non-European countries must take to meet compliance regulations.

Forcepoint: Insider Threats: Understanding Intent and Creating Actionable Programs

June 12, 2017 | 11:30 AM – 12:15 PM | Dr. Richard Ford, Meerah Rajavel

At a time when large and harmful security breaches seem to occur as often as the sun rises and sets, companies often struggle to pinpoint where these breaches are coming from and why. A recent study from Crowd Research Partners showed that cybersecurity professionals consider “internal threats” the biggest threat to IT security. This session, presented jointly by Forcepoint Chief Scientist Dr. Richard Ford and CIO Meerah Rajavel, will examine strategies for implementing people-centric protection systems that will prevent bad cyber practices and enable good behaviors to help stop breaches caused by internal threats.

Roundtable: Managing Cloud Service Provider Security

June 12, 2017 | 2:00 PM – 3:00 PM | Jay Heiser

When it comes to the many cloud services that enterprises are confronted with, well, the sky’s the limit (pun intended). The cloud and its many benefits are more relevant than ever, and in this session, speaker Jay Heiser poses the question: who is accountable for managing this risk and ensuring that these cloud providers can be trusted? With such promising discussion, we strongly urge you not to miss this one.

To the Point: How to Respond to PCI DSS v.3.2

June 15, 2017 | 12:00 PM – 12:30 PM | Rajpreet Kaur

The 2018 deadline for compliance with PCI DSS v.3.2 is rapidly approaching. This session will cover the various enhancements in the latest PCI DSS version and how to deal with them. Our recent whitepaper breaks down everything new about v.3.2, but we’re certainly interested in hearing what additional details and considerations Rajpreet discusses in this session.

We can’t wait to see you at the Gartner Security & Risk Management Summit of 2017! Make sure to come find us in booth 100 or reserve time at the event to chat.


GoAnywhere MFT meets highest level of AS2 interoperability testing with Drummond Recertification

Linoma Software, a HelpSystems company, today announced that GoAnywhere® Managed File Transfer (MFT) has been Drummond Certified™ for the highest level of AS2 interoperability in the AS2-1Q17 test event.

AS2 or Applicability Statement 2 is a widely used standard for secure and reliable file transfer of EDI and other business data between organizations and their trading partners. Popular among B2B e-commerce and retail organizations, AS2 is known for its relatively low cost, increased security, and efficiency. Consecutively Drummond Certified since 2015, GoAnywhere MFT remains committed to offering guaranteed AS2 compatibility for customers and joins the ranks of 12 other software products worldwide with this most recent recertification. “We have consistently met the stringent requirements for AS2 Certification for over 2 years,” said Bob Luebbe, President and Chief Architect at Linoma Software. “The process is not easy but we believe it is well worth the effort to ensure our AS2 customers know without a doubt that our product will work in their environment. Guaranteed.”

GoAnywhere Drummond Recertification for AS2-1Q17

To qualify for Drummond Certification, software products must meet several requirements and submit to strict testing designed to verify compatibility between other certified products. “Vendors also work together to test RFC 4130 other optional functional areas such as: SHA-2, Reliability/Restart, Filename Preservation, Chunked-Transfer-Encoding and Multiple-Attachments. These companies dedicate months of automated testing to resolve issues in a real-world test setting, supported by Drummond Group’s InSitu™ Test System, and earning AS2 Drummond Certification as a group. Drummond AS2 certified products continue to provide the highest level of interoperability providing small, medium and large global businesses a wide selection of offerings,” said Aaron Gomez, Drummond Group’s Director of B2B testing.

In this test series, GoAnywhere MFT not only received Drummond Certification for AS2, but also met additional requirements for several optional tests including multiple attachments (MA), file name preservation (FN), file name preservation for multiple attachments (FN-MA), chunked transfer encoding (CTE), and secure hashing algorithm 2 (SHA-2). Learn more about GoAnywhere MFT and AS2 compatibility by visiting our AS2 Solution page, or request a demo to see GoAnywhere in action.


8 Ways to Protect Your Healthcare Organization from a Data Breach

Last year there were 328 data breaches of healthcare organizations. That’s a new record, up from 268 the previous year. In these breaches, the records of approximately 16.6 million Americans were exposed. These incidents occurred at all types of organizations in the industry, including clinics, insurance providers and their health system business associates.

If you’re in the healthcare industry, here are eight steps you can take to ensure that your organization isn’t the next one in the news.

#1. Continually Evaluate HIPAA Compliance

You’re in healthcare, so you already know about HIPAA, the Health Insurance Portability and Accountability Act that safeguards Protected Health Information (PHI). Fines for non-compliance can reach millions of dollars and even include jail time, which should be enough to ensure that you take HIPAA seriously. But you should also think of HIPAA as a solid starting point for avoiding major cybersecurity threats.

HIPAA requires annual risk assessments, and it’s not a bad idea to assess your security and compliance even more frequently. In a typical organization a lot of changes are made in a year, including new software implementations and upgrades, employee turnover and role changes, or mergers and acquisitions—all of which can create vulnerabilities. These assessments are also a great chance to evaluate your internal security policy and incident response plan.

#2. Educate Your Employees

We all worry about the nefarious hacker, lurking in a dark room and furiously typing code to steal your organization’s records. The truth is that one of the leading causes of healthcare data breaches in 2016 was employee error.

Make sure that all employees in your organization know what personal information can be shared with patients, caregivers, and others according to HIPAA and any state regulations you need to follow. Give your employees a test of their security knowledge or run simulations through phone calls and emails, and reward the employees who respond correctly.

#3. Manage Roles and Access

Keeping medical records secure can be a challenge because they pass through so many hands, but the access that a doctor needs is different than that of a member of the finance or IT staff. It’s essential that every user has an individual account with role-based access appropriate for their position. The IT administrator should also have full visibility into who accesses or manipulates what data and when, so they can identify suspicious activity such as downloading large volumes of data to an unknown IP address.

#4. Subnet Your Network

It may seem like a basic mistake to an IT or security professional, but you might be surprised how many healthcare providers leave patient records exposed to anyone who accesses the publicly available internet. Subnetting, or creating separate subnetworks, allows you to set aside part of your network for the public and others (with more security) for any applications that touch medical records or credit cards.

#5. Use Multi-Factor Authentication

The standard username and password isn’t secure enough for users who need to access private patient information. Multi-factor authentication typically requires at least two of the following: something you know (like your password), something you have (like a token), or something you are (like a fingerprint). A 2015 report by the Office of the National Coordinator for Health IT found that, while hospital support for multi-factor authentication had risen by 53 percent since 2010, only half of small urban hospitals were capable of it. Fifty-nine percent of medium and 63 percent of large institutions had the capability.

If you are a healthcare organization that still doesn’t support multi-factor authentication, it’s a key step to take toward securing your data.

#6. Protect Devices and Be Cautious with BYOD

The majority of healthcare data breaches occur not because of hackers, but because of stolen or lost devices. For devices owned by your organization, make sure they are encrypted and that you have the ability to wipe them remotely.

You should also adopt strong security measures in your BYOD policy. Employees will want to have the convenience of easily accessing PHI from their tablets, laptops, or mobile phones, but if one of these devices falls into the wrong hands, the result could be devastating to your company. Here are some steps you should take in your BYOD policy:

  • Require strong authentication methods
  • Don’t allow medical records to be stored on employee devices
  • Prevent devices from connecting to healthcare applications beyond a certain distance from your facility

#7. Ensure Business Associates are Protecting PHI

Healthcare providers rely on a wide network of associated companies and services. Business associates of organizations that must comply with HIPAA are also held to HIPAA standards for protecting patient data and will be fined if they fail to do so. Your business associate agreements with these organizations should be tailored to both HIPAA and any state regulations that apply to your organization. The associates should be required to develop internal processes to assess security, and discover and report data breaches. Choose business partners that are agreeable to complying with security best practices or they will be a liability.

#8. Encrypt Data at Rest and in Transit

HIPAA states that covered entities should “implement a mechanism to encrypt PHI whenever deemed appropriate.” That can be a little hard to interpret, but regardless of HIPAA or other regulations, strong encryption is the best way to protect your data.

HIPAA also says that if encrypted data is stolen, the incident does not constitute a data breach. In other words, you can avoid damaging your reputation by having to notify your patients, the media, and the government by using encryption.

A managed file transfer solution can encrypt your files both at rest and in transit using modern, secure encryption methods. Good MFT software will help ensure that you stay up-to-date as encryption standards change over time, while also making your data transfers simple to manage and audit.

To find out how GoAnywhere MFT can help you stay HIPAA compliant, download the guide.

 


MFT Agents: Definition, Differences and Use Cases

In GoAnywhere’s latest product release of its Managed File Transfer solution, MFT agent capabilities were introduced. The following resource aims to help readers understand what MFT agents are, the difference between a traditional MFT deployment and an MFT agent deployment and some example use cases. For further questions, open the Live Chat box at the bottom right of this page or send us an email at linoma.sales@helpsystems.com.

What are MFT Agents?

MFT agents provide real-time, remote file transfer capabilities that are controlled from a central MFT server. Managed File Transfer Agents are ideal for organizations with remote sites like branch offices, cloud environments or other remote locations, where remote management of data movement from a single flagship location is required.

With GoAnywhere MFT agents, IT admins can:

  • Enjoy centralized control of remote file transfers and workflows
  • Create Agent Templates with registration rules to easily deploy Agents on a large scale
  • Monitor remote locations for new, modified and deleted files on the system

MFT Agents vs. Traditional MFT

There are a few key differences between traditional MFT deployments and an MFT Agent deployment. By deploying agents, network professionals can manage all instances of the deployment from one centralized location, versus having to manage multiple locations individually. This drastically reduces the amount of configuration time, and can present major cost benefits considering the reduction in administration time, management of software updates and other tasks.

MFT agent capability allows IT professionals to easily deploy MFT agents on almost any server or workstation where file transfers need to be performed (Windows, VMware, Linux, Amazon EC2, Microsoft Azure, IBM i (iSeries), AIX, UNIX, and Mac OS systems). With this multi-platform capability, organizations with complex environments can greatly reduce the manual, repeatable work associated with that complexity.

MFT Agent Applications & Use Cases

In an interview with Linoma Software President and Chief Architect, Bob Luebbe, the wide application of MFT agents is explained. “The use cases for MFT agents are really endless. Whether it’s a franchise needing to synchronize files with its store locations, or a healthcare system needing to move PHI data between its data center and satellite clinics, the deployment of MFT agents will greatly simplify those processes,” he says.

Below are just a few use cases of Managed File Transfer agents:

  • Restaurant Franchises: Whether a restaurant chain has thousands of locations worldwide, or a handful of regional locations, MFT agents allow for the distribution of new proprietary recipes, pricing updates and other sensitive data to and from the remote locations - easily and securely.
  • Retail Stores: Retail organizations with a network of stores can now manage new season inventory updates, product launch information, changes to employee policies and more, all through one centralized solution.
  • Healthcare Providers: Healthcare clinics with multiple satellite locations can ensure PHI data is securely transferred between locations, pharmacies and other partners using MFT agents.
  • Insurance Agencies: Enrollment applications, new products and services, and pricing structure updates can all be transferred quickly and securely.

In any use case, MFT agents can run on systems inside an organization’s network to move files throughout the data center, or can be deployed to remote sites like branch offices, cloud environments like Amazon AWS, Azure, and other remote locations. GoAnywhere MFT Agents even allow users to create and schedule multi-step workflows that can copy files, archive files, translate data, send alerts, add data to a database, execute native commands, or perform other file system tasks.

The image below shows an example implementation model, where one agent is deployed to an internal network, two are deployed to remote locations and one is deployed to a cloud environment.

Imagine the possibilities if organizations could greatly reduce the time spent on manual file transfer processes, and reallocate those resources towards more strategic initiatives.

Could MFT agents be a fit for your organization? Schedule a demo, contact a product specialist at linoma.sales@helpsystems.com, or watch the on-demand MFT Agents webinar to learn more.


New GoAnywhere Release Automates and Secures File Transfers in Cloud and Private Networks

FOR IMMEDIATE RELEASE

Contact:  Mike Devine, Vice President, Marketing - HelpSystems
p. 952.563.1696
mike.devine@helpsystems.com


Omaha, NE. May 8, 2017 – Linoma Software, a HelpSystems company, today announced the release of version 5.5 of its GoAnywhere managed file transfer (MFT) solution, which allows organizations to deploy MFT agents across the enterprise to automate, secure and audit all of their file transfers from a single, centralized location. This new innovation adds to an already extensive suite of security and automation features including encryption at rest and in transit, batch and ad-hoc file transfer, peer-to-peer file collaboration, and more.

With this new version, customers can easily install MFT agents on almost any server or workstation where file transfers need to be performed, including Windows, Linux, UNIX, IBM i and Mac OS systems. These systems can reside on premise or in cloud infrastructure such as Amazon Elastic Compute Cloud (Amazon EC2) or Microsoft Azure. This allows organizations with complex and ever-changing environments to greatly reduce the manual, repeatable work associated with that complexity, allowing IT professionals to focus on more strategic initiatives.

The MFT agents are managed by a central deployment of GoAnywhere, where customers can easily configure and schedule agent file transfers right from their browser. This new version of GoAnywhere not only transfers all files securely, but also gathers key information about the transfers for simple, consolidated auditing and reporting. This unique approach provides visibility of all file transfers within the organization.

“The use cases for MFT agents are really endless,” said Bob Luebbe, President and Chief Architect at Linoma Software. “Whether it’s a franchise needing to synchronize files with its store locations, or a healthcare system needing to move PHI data between its data center and satellite clinics, the deployment of MFT agents will greatly simplify those processes.”

MFT Agent Features At-a-Glance

  • Automates and secures file transfers within a centrally managed environment
  • Monitors agent systems for new or modified files
  • Schedules file transfers on agent systems to run at future dates/times
  • Provides additional workflow capabilities such as compression, decompression, data parsing, database integration, and native command execution
  • Sends automatic alerts via e-mail or text messages if file transfers fail on agents
  • Feeds audit data to the central GoAnywhere MFT solution for reporting


Top Takeaways from the 2017 Cybersecurity Trend Report


Do you ever wish you knew how other businesses are dealing with today’s security threats? The 2017 Cybersecurity Trends Report, recently released by Crowd Research Partners, provides insight into the cybersecurity concerns and priorities of organizations across a wide range of industries.

The report is a comprehensive study revealing current cybersecurity trends in threat management, data protection, cloud security, application security, mobile security, security training and certification, managed security, and more. The 2017 report is based on a survey of more than 1,900 cybersecurity professionals across businesses of all sizes, from those with fewer than 10 employees (7 percent of respondents) to those with over 10,000 (26 percent of respondents). Download the full report here or read on for a few top takeaways.

#1 - Everyone is Worried about Cybersecurity

Security threats are a very real and urgent concern for most companies. Over half (54 percent) of cybersecurity professionals anticipate successful cyberattacks on their organization in the next 12 months. And they aren’t taking that threat lightly. 52 percent are boosting their security budget by an average of 21 percent.

Most professionals are not convinced that they are ready for an attack. 62 percent of respondents were moderately confident to not at all confident in their organization’s overall security posture.

#2 - Lack of Budget is Greatest Barrier to Security

While the majority of organizations are increasing their security budget, finances remain one of the top obstacles to stronger security, with 45 percent of respondents citing lack of budget as a barrier that inhibits the organization from defending against cyber threats.

For this reason, it’s essential that companies spend their money on solutions that give them a solid return on investment. Using free tools and apps where an enterprise-class product is needed can cause a company to fall victim to a cyberattack, while purchasing the most expensive tools on the market can leave you with empty pockets and a long list of features you don’t need.

Need to secure and streamline your file transfers? Maximize your investment with the MFT ROI Calculator.

#3 - Internal Threats & Untrained Employees are Biggest Threats

33 percent of cybersecurity professionals are worried about threats coming from within the company. While a malicious employee may hack into sensitive data intentionally, in most cases the more pressing concern is careless or uninformed staff members. A lack of skilled employees tops the list of barriers to both stronger security (45 percent) and to threat management (33 percent).

Whether your insider threats are malicious or careless, solutions with role-based security and auditing are recommended to help mitigate risk of a breach. Role-based security enables organizations to restrict permissions of individual users to only the information and functionality required to do their job, while auditing capabilities provide detailed audit logs of actions taken by each user.

Another top concern is the security of cloud applications, services, and infrastructure. Respondents cited fears including the need to protect against data loss, threats to data privacy, and breaches of confidentiality. To protect sensitive data transferred using a cloud-based solution, experts recommend verifying that the solution provides end-to-end encryption for protecting files at rest and in transit.

#4 - Encryption is Greatest File Transfer Challenge

The number one concern when it comes to transferring files is security, with 59 percent of survey respondents citing encryption of files as a challenge they face. This is a serious shortcoming given that 67 percent of respondents ranked data encryption as the most effective means for protecting against cybersecurity attacks. It’s critical that any organization transferring files implements a secure managed file transfer solution that streamlines the process of providing various types of encryption like SSL, SSH, AES, and OpenPGP.

Unfortunately, the majority of organizations surveyed are still using inadequate solutions. For example, email is still the most common file transfer method for smaller files, even though unsecured email is both vulnerable to cyberattack and difficult to track for auditing.

Over half of professionals surveyed said that they lack the tools to prove compliance related to transfer of sensitive files. The right enterprise file transfer software simplifies compliance by providing the security features required by major industry regulations, the reports an auditor needs to see, and even tools to help you check if your data transfers are meeting standards.

Learn more about what the 2017 Cybersecurity Trends Report means for your file transfers, or read the full report now.



The State of File Transfer Security

The 2017 Cybersecurity Trends Report was recently released by Crowd Research Partners. The report covers many aspects of cybersecurity, such as general security trends, cloud and mobile security, and managed security services. It also looks at how organizations are securing their file transfers, including some common file security pitfalls.

Here’s what the Cybersecurity Trends Report has to say about file transfers.

Security is the Top File Transfer Concern

When it comes to the challenges businesses face when transferring files, security is at the top of the list, with 59 percent of respondents citing it as a concern. Furthermore, over half of the IT security professionals surveyed said that if their file sharing practices were audited for regulatory compliance, they do not have the tools they need to streamline the process.

Managed file transfer (MFT) is the clear answer for both security and compliance challenges. A good MFT solution will provide a variety of encryption methods and secure protocols to combat modern data security threats. MFT software also includes detailed audit logging capabilities to ensure you can prove your file transfers are compliant in case of an audit.

Securing Customer Data is Critical

Protecting sensitive data is a significant concern for most organizations. Above all, companies are worried about the security of customer data—72 percent of survey respondents cited it as a type of sensitive data they are most concerned about protecting.


There’s good reason to be careful about customer data. According to Verizon’s latest PCI DSS Compliance Report, 69 percent of consumers would be less inclined to do business with an organization that had suffered a data breach. Customer data security is also essential for maintaining compliance with PCI DSS and other industry standards.

Other types of data that respondents are concerned about protecting include employee data (66 percent), email (54 percent), corporate financial data (46 percent), and health information (33 percent)—important if you need to comply with HIPAA.

A managed file transfer solution can provide end-to-end encryption to protect files at rest and in transit. 67 percent of survey respondents ranked encryption as the most effective means for protecting data.

Too Many Organizations are Using Inadequate File Transfer Methods

Email is still the most common file transfer method for smaller files, used by 63 percent of respondents. This is a serious risk as unsecured email is both vulnerable to cyberattack and difficult to track for auditing purposes. Another 18 percent rely on writing custom scripts, a method that is both time-consuming and prone to error.

Fortunately, 49 percent of respondents have implemented managed file transfer software. Managed file transfer streamlines the secure exchange of data and provides organizations with a single point of control for all file transfers. Implementing an MFT solution that provides enterprise-level security features, role-based security, and full audit trails is the best way to make sure your data transfers stay ahead of constantly evolving security threats.

To learn more, download the full Cybersecurity Trends Report.



Linoma Software Earns a Spot on the Cybersecurity 500


We are proud to announce that Linoma Software, a HelpSystems company, has been named to the Cybersecurity 500, a global list from Cybersecurity Ventures of the hottest and most innovative companies in the cybersecurity industry.

Cybersecurity Ventures chooses the Cybersecurity 500 by soliciting feedback from CISOs, IT security practitioners, and service providers, and researching hundreds of cybersecurity events and news sources. Joseph Steinberg, a cybersecurity expert and Inc. columnist, says that for years “business publications have shared lists of companies of which they recommend readers take note. The Cybersecurity 500 gives the same convenience and wisdom to people interested in the cybersecurity industry.”

Linoma made the list in the category of file security and data encryption. Linoma’s GoAnywhere Managed File Transfer software is an enterprise-level solution for automating and securing file transfers through a single interface. With extensive security controls and detailed audit trails, GoAnywhere MFT helps businesses achieve regulatory compliance, increase security, and streamline processes.


How to Create a Cybersecurity Policy for Your Organization

The cyberattacks and data breaches that make the news are usually the ones that happen at big corporations like TJX or Home Depot. But every organization, large or small, needs to be concerned about cybersecurity.

According to Symantec’s 2016 Internet Security Threat Report, 43 percent of cyberattacks in 2015 targeted small businesses—up from just 18 percent in 2011. Hackers might be starting to understand that even though small and mid-sized businesses may not have as much valuable information available to steal, they are also less likely than their large counterparts to have strong security measures in place.

An attack is usually devastating to a small company. The U.S. National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their businesses over six months after a cyberattack. If you don’t want your organization to be put out of business by a hacker, it’s time to improve your security posture. The first thing to do is develop something that most of the big companies already have: a cybersecurity policy. Here’s how:

Step One: Secure Senior Management Buy-in

If you’re in IT, you could probably tell most of your fellow employees a thing or two about security best practices. But in order to have the resources to design the policy and the authority to enforce it, you need management on your side.

It may help to point out that if you don’t have a cybersecurity policy, it could open you up to legal liability. For example, if you don’t want your employees connecting to your network with their own devices but you haven’t told them not to, what happens when an employee’s device with corporate data stored on it is lost? Your first reaction may be to remotely wipe the device—but can you legally do that without a written and user-acknowledged policy?

Step Two: Determine Your Security Guidelines

A key reason you need a policy in the first place is that modern cybersecurity has gotten very complex. There are a lot of details to keep track of, even for a small organization, and the landscape is constantly changing as both cybersecurity technology and cyber criminals become more advanced. Only you know your organization’s unique needs, but some things you might want to keep in mind include:

  • Which industry regulations do you need to comply with?
  • What data do you need to protect and how should it be stored and transferred?
  • What business software needs to be maintained and updated to stay secure?
  • What do you expect of all employees in terms of choosing passwords, appropriate internet use, remote network access, email guidelines, etc.?
  • Who will manage and maintain the cybersecurity policy?
  • How will you enforce the guidelines (what is the penalty for willful non-compliance)?

Once you have these questions answered, you should be able to draft your company’s policy. Depending on your current situation, understanding your security needs could be easy or could require extensive auditing of your current assets and tools.

We’ve compiled a few resources that provide templates and examples of cybersecurity policies below.

Step Three: Educate Your Employees

Did you know that internal actors are responsible for 43 percent of data loss? Half of this is intentional—disgruntled or opportunistic employees, contractors, or suppliers performing deliberate acts of data theft. But half of it is simply negligence. Employees don’t want to change their password every month if they can stick with “password123” forever. Some of them probably don’t see the problem downloading the attachment from that suspicious “urgent” email.

Communicate your new cybersecurity policy to employees, and make sure they understand the relevant details: what they are expected to do, how to do it, and what could happen if they don’t. Remember that things that seem obvious to you—like how to change that password—might not be known to everyone in the company.

Some organizations regularly test their employees on their cybersecurity knowledge. Make it fun and rewarding—there should be some kind of incentive for mastering security best practices.

Step Four: Monitor and Update Your Policy

Now your cybersecurity policy is up and running! But that doesn’t mean the work is over. A cybersecurity policy is a living document that needs to be updated regularly to include changes in your business, in technology, and in compliance regulations. Set a timeline for when you will re-evaluate the policy.

You’ll also need to determine how you will self-audit along the way. How will you know if the latest updates to your security software have been installed or that no one changed the server settings a month ago? Ideally, maintaining compliance with your policy will not be a fully manual process.

Bonus Step: Choose Solutions that Complement Your Cybersecurity Policy

Maintaining security and compliance across your entire business and all your employees can be daunting. Fortunately, dealing with all those moving parts doesn’t have to be so complicated. Implementing the right software solutions can mean that your security policy practically enforces itself.

For example, you may be checking systems manually that could be monitored automatically. And if you expect employees to update their passwords regularly, what’s easier—checking if they have done it on their own or using software that requires it? Software with role-based security and audit logging will ensure that you always know who accessed or changed what, and when they did it.

Ideally, any solution you choose to implement should come from a vendor that you trust to keep the software updated to match current security threats. Needing to replace your security tools or update custom scripts makes it much more difficult to keep compliant with your own policy.

Sometimes despite your best efforts, your data is breached. Check out these resources to help you create a data breach response plan.