The best policy in the given scenario would be to prioritize cybersecurity training, particularly as it relates to familiarizing employees outside of the IT department with cybersecurity practices. This is because the vast majority of breaches depend on a mistake on the part of someone within the target organization. There is no technology that is immune to human error. While it is impossible to entirely eradicate human error in this field or any other, it is possible to reduce the frequency and severity of faulty decision making on the part of employees.
Given the limited funds of this project, it would not be wise to put every employee through lengthy training. Rather, it would be more advisable to make sure the employees understand key pointers for cybersecurity. These pointers include things such as not opening suspicious emails, not clicking suspect links, and not always trusting claims of rank that would grant a potentially malicious individual access.
With that said, it is important to make sure that technologies are put in place to prevent attacks that do not rely on the human factor. These include firewalls, which can be configured with a whitelist so that only necessary devices can connect to an organization’s network (BlogPoster, 2022). Antivirus software is also useful due to its ability to scan websites and emails, further reducing the likelihood of a breach caused by human error.
In conclusion, the best policy would have a strong emphasis on employee training to reduce susceptibility to breaches. This would be combined with the usage of technology to handle breaches not caused by human error and reduce the likelihood of mistakes being made that compromise security.
References:
BlogPoster. (2022, September 21). The basics of IP whitelisting and how it works. Logix Consulting Managed IT Support Services Seattle. https://logixconsulting.com/2022/09/23/the-basics-of-ip-whitelisting-and-how-it-works/