10 Steps to Cyber Security
October is Cyber Security Awareness Month. Given the rise in online businesses and home working as a result of Covid-19, we wanted to share some tips on improving cyber security in your small business.
The National
Cyber Security Centre has outlined 10 Steps to Cyber Security, which
we have explored in our latest infographic.
Risk Management Regime:
Establish a governance framework and produce policies to
support risk management objectives. Risk management should be demonstrated at
every level of the business and appropriate training should be given that
reflects each role. Ensure security controls are up to date and appropriate.
Secure Configuration:
Implement configuration control and change management
processes for all systems. Set a secure baseline build for all systems and
components. Remove unnecessary functionality from systems and quickly fix
vulnerabilities. Limit user ability to change configuration and privileged user
functionality.
Home and Mobile Working:
Develop a home working policy and educate staff to operate
securely by following clear procedures. Apply a secure baseline build and
configuration for all types of mobile devices used. Protect data in transit and
at rest.
Incident Management:
Develop and maintain your incident management policies,
processes & plans and test them. Define specific individuals to handle
incidents and ensure they are fully trained. Establish a data recovery
capability, analyse post-incident evidence and report criminal incidents to law
enforcement.
Malware Prevention:
Develop and implement anti-malware policies and establish
malware defences. Manage all data imports & exports and blocks access to
known malicious sites. Educate users to understand the risks.
Managing User Privileges:
Establish policies and educate users of their personal
responsibility to adhere to corporate security policies. Limit the number and
use of privileged accounts. Control access to the audit system and logs and
ensure that all privileged user access is recorded.
Monitoring:
Establish a monitoring strategy and align the incident
management policies. Monitor user activity and inbound & outbound traffic
traversing network boundaries to identify unusual activity that could indicate
attacks.
Network Security:
Protect the network perimeter. Manage inbound and outbound
network connections and scan for malicious content. Protect the internal
network and ensure that there is no direct routing between internal and
external networks
Removable Media Controls:
Implement policies to control the use of removable media.
Automatically scan removable media for malware when it is introduced to any
system. Limit the use of removable media, but when it is needed it should be
formally issued and users should be educated on its use.
User Education and Awareness:
Produce a user security policy and train all new starters on
it. Conduct regular refresher training on the security risks to the
organisation and monitor its effectiveness. Promote an incident reporting
culture and establish a formal disciplinary process for those who abuse the
policies.
Businesses of all sizes rely on information technology infrastructure to some degree and are therefore exposed to the potential risks of cyber-crime. However, SME’s can be particularly vulnerable to attacks as they may not have the resources or capabilities to deal with a cyber-event.
Cyber insurance is a specialised form of insurance cover that aims to help protect businesses from the effects of digital attacks such as data breaches or cyber hacks. For more information about Cyber Insurance and to get a quote, speak to the team on 08081 68 68 68 or get your online quote now.