Businesses can be just as susceptible to cyber crime as individuals - keep yourself and your business safe online. Many small and medium sized businesses underestimate the threat cyber crime poses to their business.
Step 1 - Define a Regime Defining and communicating your Board's Information Risk Management Regime is central to your organisation's overall cyber security strategy.
Step 2 - User Education and Awareness Produce user security policies covering acceptable and secure use of the organisation's systems. Establish a staff training programme. Maintain user awareness of the cyber risks.
Step 3 - Home and Mobile Working Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline build to all devices. Protect data both in transit and at rest.
Step 4 - Secure Configuration Apply security patches and ensure that the secure configuration of all ICT systems is maintained. Create a system inventory and define a baseline build for all ICT devices.
Step 5 - Removable Media Controls Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing on to the corporate system.
Step 6 - Manage User Privileges Establish account management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity. Control access to activity and audit logs.
Step 7 - Incident Management Establish an incident response and distaster recover capability. Produce and test incident management plans. Provide specialist training to the incident managemtnt team. Report criminal incidents to law enforcement.
Step 8 - Monitoring Establish a monitoring strategy and produce supporting policies. Continuously monitor all ICT systems and networks. Analyse logs for unusual activity that could indicate an attack.
Step 9 - Malware Protection Produce relevant policy and establish anti-malware defences that are applicatble and relevant to all business areas. Scan for malware across the organisation.
Step 10 - Network Security Protect your networks against external and internal attacks. Manage the network perimeter. Filter out unauthorised access and malicious content. Monitor and test security controls.
Cyber Information Sharing Partnerships (CISP) for business
“The Cyber-security Information Sharing Partnership is a Government funded and managed portal helping organisations to have access to the latest threats and attacks so that they can protect themselves. The CISP receives inputs from a range of National Agencies and is available to organisations whether public private or charitable. The CISP lists details of a range of attacks as diverse as schools, health service and email scams.
It is s free service and will not spam members.
To join simply go to www.ncsc.gov.uk/cisp