Just how secure is your business from a cyber security breach? Opportunists are constantly looking for weaknesses in an organisation's defences. New technologies are increasingly available to improve your business operations, helping you work more efficiently and ensuring your business-critical data is protected against cyber threats. Here are our ten steps your business should be looking at, for starters.
1. Network Security
Protect your networks from attack. Defend the network perimeter, filter out unauthorised access and malicious content. Monitor and test security controls.
2. Malware Protection
Produce relevant policies and establish anti-malware defences across your business.
3. Removable Media Controls
Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing it onto the corporate system.
4. Secure Configuration
Apply security patches and ensure the secure configuration of all systems is maintained. Create a system inventory and define a baseline build for all devices.
5. Risk Management Regime
Assess the risks to your business information and systems by embedding an appropriate risk management regime. Ensure that all employees, contractors and suppliers are aware of the approach and any applicable risk boundaries.
6. Managing User Privileges
Establish effective management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity. Control access to activity and audit logs.
7. Incident Management
Establish an incident response and disaster recovery capability. Test your incident management accounts. Provide specialist training. Report criminal incidents to law enforcement.
8. Monitoring
Establish a monitoring strategy and produce supporting policies. Continuously monitor all systems and networks. Analyse logs for unusual activity that could indicate a possible threat.
9. User Education and Awareness
Produce user security policies covering acceptable and secure use of your systems. Include the training of your staff. Maintain awareness of cyber risks.
10. Home and Mobile Working
Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline and build to all devices. Protect data both in transit and at rest.