The Government has consulted with experts in IT security to draw up 10 steps that all businesses can take to reduce the chances of data security breaches. The Home Office believes that following this guide to basic information risk management can stop up to 80% of the cyber attacks seen today, allowing companies to concentrate on managing the impact of the other 20%. It recommends that businesses review their current procedures, and invest where necessary, to improve security in the following key areas:
1. User education and awareness
Produce user security policies covering acceptable and secure use of the organisation’s systems. Establish a staff training programme. Maintain user awareness of the cyber risks.
2. Home and mobile working
Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline build to all devices. Protect data both in transit and at rest.
3. Incident management
Establish an incident response and disaster recovery capability. Produce and test incident management plans. Provide specialist training to the incident management team. Report criminal incidents to law enforcement.
4. Information risk management regime
Establish an effective governance structure and determine your risk appetite – just like you would for any other risk. Maintain the Board’s engagement with the cyber risk. Produce supporting information risk management policies.
5. Managing user privileges
Establish account management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity. Control access to activity and audit logs.
6. Removable media controls
Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing onto corporate systems.
7. Monitoring
Establish a monitoring strategy and produce supporting policies. Continuously monitor all ICT systems and networks. Analyse logs for unusual activity that could indicate an attack.
8. Secure configuration
Apply security patches and ensure that the secure configuration of all ICT systems is maintained. Create a system inventory and define a baseline build for all ICT devices.
9. Malware protection
Produce relevant policy and establish anti-malware defences that are applicable and relevant to all business areas. Scan for malware across the organisation.
10. Network security
Protect your networks against external and internal attack. Manage the network perimeter. Filter out unauthorised access and malicious content, and monitor and test security controls.
*Information correct as of 1st May 2016