Such policies and/or guidelines may include the following:
- Password complexity, requiring the use of strong, ideally randomized passwords.
- Password rotation, whereby users change their passwords on a thrice-monthly basis.
- Multi-factor authentication on all devices, ensuring multi-level protection in the event that a cybercriminal gains unauthorized access. This can be further expanded to biometric authentication for additional security.
- Remote wiping, whereby users can remotely dispose of data if a device has been lost or stolen.
- Access control, particularly concerning sensitive information.

You may also want to consider implementing an incident response plan that outlines what to do in the case of a security breach or device theft, reducing risk by ensuring that everyone is on the same page.