Not Just Another Set of Rules: Cyber Policy

Not Just Another Set of Rules: Cyber Policy


Cyber security policies are a set of standards of care a company must have for working with information over a computer network. They ensure a company is operating in compliance with state and federal laws. Such policies are made up of lists of protocols and boundaries for employees to abide by, while working with computer systems.

Rather than thinking of policies as a set of rules to follow, think of them more in terms of their purpose and benefits for employees and your overall organization. The clarity such policies allow employees to know and understand how they should respond according to the values established by your company. In a nutshell, policies take the guesswork out of what employees should do.




Over 25 states currently have Cybersecurity/PII regulations. Both the Federal government and a small number of states (and growing) are actively auditing and fining businesses for breaches of compliance. If you have never heard of such terms as ‘Acceptable Use,’ ‘Third Party Compliance,’ ‘W.I.S.P.,’ or ‘I.S.S.P.’ it may be a good time to consult an IT professional.


If you are the owner or manager of your company, you are the CCO of your company when it comes to Cyber Security Policy. Coming up short when employing security standards, staying informed, and monitoring and managing outcomes, will cost you greatly, if neglected.


Look at compliance as a necessity for the success of your company’s vision. Without careful consideration, compliance can cost you that vision. It can cost you in litigation, fines, and a souring of your reputation with your clients and other businesses. Always consult experts when it comes to making sure your company is on task when it comes to compliance and the law.



Perhaps the best place to start in this process is by checking your current cyber liability insurance. Taking this step, will allow you to get a handle on how exposed your company is to receiving damage during or after a security breach or attack. Answer the following questions to yourself:

  • To what extent am I covered in the event of any potential security issue?
  • What is expected of me and what is my responsibility in this agreement?
  • Where is my current insurance lacking in coverage?

Common cyber liability “insuring agreements” include information on how and to what extent you are covered. It is this portion of your insurance policy where the insurer promises to make payment on behalf of the insured. Always read through this section thoroughly as to verify whether your policy will cover you in the event of a breach or attack.

Below we have provided a document that includes common items that should be listed in your cyber liability policy.


In addition to having the right insurance, you will need to:

  • Draft and implement best practices for security compliance
  • Stay informed of changing regulations
  • Continuously refine your own policies to ensure compliance

If you have not created one yet, a set of cyber policies will need to be drafted. This will likely require the aid of an IT professional to properly complete.


As technology evolves year to year, so does compliance. As a company owner, or one of its employees, it may not be within your bandwidth to handle this yourself. America One can help you with this. We can help construct, implement, and refine a set of policies that will work for the values and vision of your company, while maintaining compliance with state and federal regulations.

America One is now offering a free consultation for Cyber Security Policy that includes a free Cyber Security Assessment, as well as a proposed plan of action for developing your company’s security practices (a $299 value!). Contact America One today or schedule a 10-minute call below.

Take action today!