How businesses can make a cyber security plan for their employees

July 20, 2020

One of the best defences against cyber threats is education: knowing what threats are out there and how to protect yourselves from them.
When it comes to your business, it’s not just about educating yourself, but also your employees.
One of the best ways to keep your employees up to date on cyber security? A cyber security plan.
Here’s how you can create a cyber security plan that will help you – and your employees – keep your business secure.

Why you need a cyber security plan

Protecting yourself from cyber threats is easier when you’re only concerned with managing your own accounts and devices. It gets more complicated when you’re trying to manage cyber security for a whole team of people – particularly when they are all logging into the same network or using the same corporate accounts, such as for social media.
The possibility of someone not following cyber security best practices while logging in to the company Wi-Fi network or a social media account or checking email is very real.
Cyber criminals love to target businesses for attacks. Not only is there a lot at stake – from customer information to lost revenue – but there are also many points of entry with so many different employees working together.
That’s why it’s helpful to have a cyber security plan in place for your business.
A cyber security plan sets out the rules a business’s employees need to follow. This should include education on the sorts of software they are allowed to download, how to spot a phishing email, and individual roles and responsibilities regarding what business information they can share online.
A policy like this can help augment the best method of keeping your business cyber secure: education. By letting employees know what is and isn’t cyber secure, you can help educate them on how they can protect your business from cyber criminals.
Combining this education with a cyber security policy is one of the best ways of empowering your employees so they can be the first line of defence against cyber threats.

Common elements of a cyber security plan

Cyber security policies should be customized for each individual business. That said, there will likely be common elements that most policies will want to account for.
These include internet usage, email safety and social media.

Establish a clear internet usage plan

An internet plan sets out important information about what employees can do online.
In most cases, this includes:

  • Restrictions on the types of websites that employees are able to visit
  • Guidelines on what kinds of software they can download as well as requirements that they seek permission to download new programs
  • Requirements to use passphrases or complex passwords for all devices and accounts

Establish rules for email safety

Many cyber criminals use email as a key tactic to steal information from their victims.

  • Restrict the amount of personal email sent using employees’ work accounts. This will limit your business' exposure to online threats that come through personal contacts.
  • Specify when it's appropriate for employees to share their work email addresses. Limit it to trusted contacts and organizations.
  • Tell staff to avoid using the "@" symbol when posting a company email address online. Instead, use formatting such as "john at companyxyz dot com" so that spambots can't extract the email address.
  • Caution employees to be wary of opening and responding to suspicious emails.
  • Direct employees to avoid opening email attachments unless they're from trusted contacts and organizations.

Establish a social media plan

Social media is no longer optional for most businesses – it’s essential. That leaves more businesses vulnerable to threats from cyber criminals through social media than ever before.
Here’s what you can provide guidance on for a social media plan:

  • Set rules on what kinds of business information can be shared online and where.
  • Prohibit employees from posting confidential and proprietary information.
  • Create instructions on whether employees should use their work email to sign up for social media sites and newsletters.
  • Set guidelines on the correct usage of company trademarks.

Establish a BYOD (bring your own device) and telework plan

Decide how (and if) employees should access business data on personal devices and the procedure to follow if a device is lost or stolen. If an employee leaves, be sure to remove their access to your accounts.


One of your best defences against cyber threats to your business is a solid cyber security plan. By including the information above, you’ll be well on your way to empowering employees to help keep your business cyber secure.
