The government has identified ‘Ten Steps to Cyber Security’, which are essential for any business looking to protect itself online. IAN SMITH talks us through the suggestions.
There are plenty of simple and straightforward steps that companies can take to keep themselves safe in the digital world. As an accompaniment to the support offered in their Cyber Essentialsprogramme, the Government advises you to take action in the following key areas:
1.Network Security
It’s important to be aware of what’s on your network and to see that your hardware and software are properly configured. Make sure you act upon notices and warnings.
2.User Education and Awareness
Make sure you have a proper policy in place for using IT and that your staff members are told about it at induction. It’s also important to remind employees of good security practices on a regular basis.
3.Management of User Privileges
It’s critical to manage access to IT through a combination of user names and good, strong passwords. Remember not to write them down or share them and only give users access to what they need.
4.Security Configuration
This is about keeping your IT updated with relevant firmware and patches. Make sure to document your IT assets.
5.Removable Media Controls
This refers to devices such as USB sticks, SD cards and CDs. Make sure it’s safe to bring them on to your network. It may well be that using the cloud is preferable.
6.Home and Mobile Working
With more people working at home, you need to have a proper policy in place and install relevant passwords and authentication software. People are likely to be using mobile devices too, so make sure they’re not walking around with unsecured corporate emails.
7.Malware Protection
Make sure that you keep your anti-malware software up to date through one of the mainstream suppliers. It will scan and sweep on a regular basis, helping to protect you from threats.
8.Risk Management
Create a board of people who are responsible for risk within your business and ensure that they oversee the development of effective policies.
9.Monitoring
Keep track of your hardware and software and look out for unusual activities.
10.Incident Management and Business Continuity
It’s important to have an incident management team which is capable of dealing with any attack and acting upon it.
For more information, please visit https://www.gov.uk/government/publications/cyber-risk-management-a-board-level-responsibility/10-steps-summary