Implement Your Plan
To reduce the risk to your business, put the following security controls in place:
- Malware protection: install anti-virus solutions on all systems, and keep your software and web browsers up to date. Consider restricting access to inappropriate websites to lessen the risk of being exposed to malware. Create a policy governing when and how security updates should be installed.
- Network security: increase protection of your networks, including wireless networks, against external attacks through the use of firewalls, proxies, access lists and other measures.
- Secure configuration: maintain an inventory of all IT equipment and software. Identify a secure standard configuration for all existing and future IT equipment used by your business. Change any default passwords.
- Managing user privileges: restrict staff and third-party access to IT equipment, systems and information to the minimum required. Keep items physically secure to prevent unauthorised access.
- Home and mobile working, including use of personal devices for work: ensure that sensitive data is encrypted when stored or transmitted online so that data can only be accessed by authorised users.
- Removable media: restrict the use of removable media such as USB drives, CDs, DVDs and secure digital cards, and protect any data stored on such media to prevent data from being lost and malware from being installed.
- Monitoring: monitor use of all equipment and IT systems, collect activity logs, and ensure that you have the capability to identify any unauthorised or malicious activity.
If you use third-party managed IT services, check your contracts and service level agreements, and ensure that whoever handles your systems and data has these security controls in place.
Source of Information
Information taken from the HM Government publication “Small businesses: What you need to know about cyber security”.
Reproduced under the Open Government Licence