The concept of zero trust implies organizations must work under a constant worst-case scenario. This means assuming breaches are inevitable and that no entity or users — coming from within or from outside the organization — should ever be trusted. This “never trust, always verify” approach significantly reduces the attack surface and minimizes the potential ...

When employees leave their workspaces behind — whether that’s for the night, the weekend, a longer vacation or just a quick lunch break — they may leave behind potentially sensitive information where it can easily be accessed by unauthorized parties. Unsecured USB drives, data files left open on desktops and printouts of confidential documents are ...

Whether due to resignation, layoff or firing, separating employees from the business is never a pleasant process nor is it always easy. Because many staff members have access to confidential data or company assets, it is critical to utilize a series of detailed and comprehensive steps to complete employee terminations and streamline the experience as ...

Cryptography engineers often collaborate with cybersecurity teams to integrate robust cryptographic solutions into software, hardware and network infrastructure, addressing potential vulnerabilities and mitigating risks associated with data breaches or cyberattacks. This hiring kit, written by Franklin Okeke for TechRepublic Premium, provides a practical framework you can use to hire the ideal cryptography engineer for your ...

The European Union’s General Data Protection Regulation requires every business enterprise and public authority that collects personal data from EU customers and clients to protect that data from unauthorized access. Finding ideal candidates for the GDPR data protection compliance officer position will require thorough vetting, and potential candidates may be difficult to find. This hiring ...

Antivirus software is critical to ensure information security of organizational networks and resources. By establishing an antivirus policy, organizations can quickly identify and address malware and virus threats, as well as detect and appropriately respond to incidents. The purpose of this Antivirus Policy, written by Madeline Clarke for TechRepublic Premium, is to provide guidelines for ...

In many ways, data has become the primary currency of modern organizations. It doesn’t matter whether you are a large business enterprise, SMB, government or non-profit, the collection, management, protection and analysis of data is a determining factor in your overall success. This policy, written by Mark W. Kaelin for TechRepublic Premium, establishes an enterprise-wide ...

Threats from malware, cryptographic infections and compromised networks have never been greater. Headlines regularly attest to such widespread problems, from infection-felled organizations to dangerous vulnerabilities in popular tools. Companies can’t protect their technological infrastructure, though, without a solid grasp of the actual equipment in play. A checklist, like the one created by Erik Eckel for ...

The Data Encryption Policy’s purpose is to define for employees, computer users and IT department staff the encryption requirements to be used on all computer, device, desktop, laptop, server, network storage and storage area network disks, and drives that access or store organization information to prevent unauthorized access to organization communications, email, records, files, databases, ...

Digital information is generally the lifeblood of any given organization, containing essential company data needed to run the business. Paperless offices have become the norm across industries and remote work depends on the ability to share electronic information for communication, announcements and collaboration. This checklist, created by Scott Matteson for TechRepublic Premium, provides a strategy ...

As the digital landscape becomes more interconnected, it brings with it the growing threat of cyberattacks. The purpose of this policy, written by Maria Carrisa Sanchez for TechRepublic Premium, is to outline the terms and conditions under which the company provides coverage to its employees for losses incurred as a result of cyber-related incidents. Featured ...

In general, security analysts are tasked with identifying weaknesses in current security systems and developing solutions to close security vulnerabilities. To perform this task well, ideal candidates will have highly advanced technical skills, a proven ability to communicate with all levels of an organization and experience applying both skillsets to solve real problems. This hiring ...

Good cyber and physical security can make or break companies. While it would be preferable that security breaches or incidents not take place at all, they don’t necessarily signal the death of an organization unless responded to in a poor fashion (or not at all). The purpose of this Security Response Policy, written by Scott ...

Risk management involves the practice of addressing and handling threats to the organization in the form of cybersecurity attacks and compromised or lost data. The process of establishing appropriate risk management guidelines is critical to ensure company operations and reputation do not suffer adverse impacts. The purpose of this policy, written by Scott Matteson for ...

Data breaches can cost companies tens of thousands of dollars or more, and can pose a significant risk to company operations and reputation. Customer information is usually one of the favorite targets of hackers as it contains confidential details which can be used to commit property or identity theft. Even innocent mistakes such as a ...