Need specific cyber security advice? Get in touch and we'll help you out.
Contact Us

Good Security Habits

An effective approach to cyber security starts with establishing an effective organisational risk management regime. This needs to be embedded across your organisation and supported by Board and senior managers.

The National Cyber Security Centre recommends the following approach:

Risk management regime

Assess the risk to your organisation’s information and systems and produce supporting risk management policies. Embed this regime across the organisation.

Secure configuration

Identify baseline technology builds and processes for ensuring configuration management to improve the security of systems.

Network security

Create and implement some simple policies and appropriate architectural and technical responses to reduce the chances of attacks to your systems and technologies succeeding (or causing harm to your organisation).

Managing user privileges

Ensure users are not provided with unnecessary system privileges or data access rights, to minimise the impact of misuse or compromise of that users account.

User education and awareness

Users have a critical role to play in their organisation’s security. Provide security rules and the technology that enables users to do their job as well as help keep the organisation secure.

Incident management

All organisations will experience security incidents at some point. Invest in establishing effective incident management policies and processes to help improve resilience, support business continuity, improve customer and stakeholder confidence and potentially reduce any impact.

Malware prevention

Malicious software, or malware is an umbrella term to cover any code or content that could have a malicious, undesirable impact on systems. Produce relevant malware policies and establish anti-malware defences.


Good system monitoring is essential in order to detect actual or attempted attacks on systems and business services and effectively respond to attacks.

Removable media controls

Removable media provide a common route for the introduction of malware and the accidental or deliberate export of sensitive data. Produce a policy to control all access to removable media.

Home and mobile working

Mobile working and remote system access offers great benefits, but exposes new risks, which need to be managed. Develop a mobile working policy.

Source of Information

Information taken from the National Cyber Security Centre website “10 steps to cyber security”

Reproduced under the Open Government Licence.