Some of the contents include:
* Privacy and Data Security
* Scams and Fraud
* Network Security
* Website Security
* Email
* Mobile Devices
* Employees
* Facility Security
* Operational Security
* Payment Cards
* Incident Response and Reporting
* Policy Development, Management
* Cyber Security Glossary
All companies should develop and maintain clear and robust policies for safeguarding critical business data and sensitive information, protecting their reputation and discouraging inappropriate behavior by employees. Many of these types of policies already exist for "real world" situations, but may need to be tailored to your organization and updated to reflect the increasing impact of cyberspace on everyday transactions, both professional and personal. As with any other business document, cyber security policies should follow good design and governance practices -- not so long that they become unusable, not so vague that they become meaningless, and reviewed on a regular basis to ensure that they stay pertinent as your business needs change.
The "absolutely necessary" actions that a small business should take to protect its information, systems, and networks:
* Protect information/systems/networks from damage by viruses, spyware, and other malicious code.
* Provide security for your Internet connection.
* Install and activate software firewalls on all your business systems.
* Patch your operating systems and applications.
* Make backup copies of important business data/information.
* Control physical access to your computers and network components.
* Secure your wireless access point and networks.
* Train your employees in basic security principles.
* Require individual user accounts for each employee on business computers and for business applications.
* Limit employee access to data and information, and limit authority to install software.
* Security concerns about email attachments and emails requesting sensitive information.
* Security concerns about web links in email, instant messages, social media, or other means.
* Security concerns about popup windows and other hacker tricks.
* Doing online business or banking more securely.
* Recommended personnel practices in hiring employees.
* Security considerations for web surfing.
* Issues in downloading software from the Internet.
* How to get help with information security when you need it.
* How to dispose of old computers and media.
* How to protect against Social Engineering.
* Other planning considerations for information, computer, and network security.
* Contingency and Disaster Recovery planning considerations.
* Cost-Avoidance considerations in information security.
* Business policies related to information security and other topics.