Cyber Security Top Tips

To help keep your company cyber secure, first identify the areas where you’re vulnerable. Then you can prioritise fixing any areas that serve as an open invitation to cyber criminals. This will help you to protect your business’s most valuable assets.

  1. Information Risk Management Regime
    Your information is an asset like any other. So you should have an ‘Information Risk Management’ regime in place across your organisation. And senior management should support this.
    Assign responsibility for Information Security and put a review plan in place. Ensure you communicate your policy across your organisation so that everyone is aware.
  2. Secure configuration
    Remove or disable unnecessary functionality from your systems. And make sure any available security patches are installed to protect against known vulnerabilities. Failing to do this will expose your business to threats, increasing risks to the integrity of your systems and information.
    If you do opt to lock down certain systems to protect your business, make sure your staff can still do their job.
  3. Network security
    Connecting to untrusted networks can expose your organisation to cyber-attacks. Accepting that most businesses rely on some form of internet connection, you’ll need to filter all traffic coming into your network. Only traffic required to support your business should be allowed. Check traffic for unusual or malicious incoming and outgoing activity that could suggest an attack.
  4. Manage user privileges
    Control the number of privileged users and ensure this type of account is not used for high-risk or day-to-day user activities. Be sure to monitor user activity, particularly all access to sensitive information and privileged accounts.
  5. User education and awareness
    Create a user security policy that outlines acceptable usage. Incorporate this into your employment terms and conditions. All users should receive regular training on the cyber risks they face as employees and individuals. IT staff should receive specialist training.
  6. Incident management
    Establish an incident response and disaster recovery plan. Test it to ensure effectiveness. This may mean specialist training for those involved. Make sure any online crimes are reported to the police.
  7. Malware prevention
    Many company-wide devices are susceptible to malware. Make sure you scan for malware across your organisation. Protect all host and client machines with antivirus solutions. All information supplied to or from your organisation should be scanned for malicious content.
  8. Monitoring
    Continuously monitor inbound and outbound network traffic to identify unusual activity or trends that could indicate attacks. It’s advisable to use Network and Host Intrusion Detection Systems (NIDS/HIDS) and Prevention Systems (NIPS/HIPS); your IT experts should be aware of these.
  9. Removable media controls
    Produce a removable media policy that controls use for the import and export of information. Removable media includes devices such as:
    - Memory cards, USB pen drives etc;
    - Removable or external hard disk drives;
    - Newer Solid State (SSD) drives
    - Mobile devices (Smartphones, iPad or other tablets, iPods or MP3 players etc);
    - Optical disks i.e. DVD and CD;
    - Floppy disks
    - Backup Tapes.
    If the use of such media is unavoidable, limit the type of information that can be transferred. Scan all media for malware using a standalone media scanner before any data is transferred.
  10. Home and mobile working
    Many companies allow mobile working for employees. This can pose a certain amount of risk. Mobile users need to be trained on the secure use of their mobile devices. Ensure all mobile devices are secure from a network perspective. Monitor incoming and outgoing attachments.
    BYOD (Bring Your Own Device) brings another set of challenges for businesses. You should view a mobile device the same as a company-provided PC or laptop and put security processes in place.

In summary

By following these tips and guidelines, you can make sure your company remains protected against malicious cyber-attacks.

In most cases, cyber criminals are looking for an easy route into your data. As with any physical security, the harder you make it for them, the more easily deterred they will be. But with the greatest will in the world, some cyber-attacks will simply be too sophisticated to detect, and human error is sometimes unavoidable.
Make sure you have insurance in place that covers you for these unforeseeable events, so you’re able to recover should the worst happen.

For more information visit: www.jelfgroup.com/cyber

Source: https://www.gov.uk/government/publications/cyber-risk-management-a-board-level-responsibility/10-steps-summary

About the author

A marketer for the last 4 years, Alison believes in the value of great content marketing and enhancing the customer experience.