Good Security Habits
An effective approach to cyber security starts with establishing an effective organisational risk management regime. This needs to be embedded across your organisation and supported by Board and senior managers.
The National Cyber Security Centre recommends the following approach:
Risk management regime
Assess the risk to your organisation’s information and systems and produce supporting risk management policies. Embed this regime across the organisation.
Identify baseline technology builds and processes for ensuring configuration management to improve the security of systems.
Create and implement some simple policies and appropriate architectural and technical responses to reduce the chances of attacks to your systems and technologies succeeding (or causing harm to your organisation).
Managing user privileges
Ensure users are not provided with unnecessary system privileges or data access rights, to minimise the impact of misuse or compromise of that users account.
User education and awareness
Users have a critical role to play in their organisation’s security. Provide security rules and the technology that enables users to do their job as well as help keep the organisation secure.
All organisations will experience security incidents at some point. Invest in establishing effective incident management policies and processes to help improve resilience, support business continuity, improve customer and stakeholder confidence and potentially reduce any impact.
Malicious software, or malware is an umbrella term to cover any code or content that could have a malicious, undesirable impact on systems. Produce relevant malware policies and establish anti-malware defences.
Good system monitoring is essential in order to detect actual or attempted attacks on systems and business services and effectively respond to attacks.
Removable media controls
Removable media provide a common route for the introduction of malware and the accidental or deliberate export of sensitive data. Produce a policy to control all access to removable media.
Home and mobile working
Mobile working and remote system access offers great benefits, but exposes new risks, which need to be managed. Develop a mobile working policy.