10 issues to consider to help keep businesses secure.
The UK’s Cyber-security Framework for Business (published by the Department for Business, Innovation and Skills, the security arm of GCHQ) is a 10-step framework to stop around 80% of today’s cyber-attacks – and build the resilience to cope with the other 20%.
Non-executive directors (NEDs) and those in the financial profession may find this approach useful, since they understand the importance of securing information, how it flows across the enterprise, and the reputational risk at stake.
1. Board-led Information Risk Management Regime
Do you have an effective risk governance structure, in which your risk appetite and selected controls are aligned? Do you have appropriate information risk policies and adequate cyber insurance?
2. Secure Home and Mobile Working
Do you have a mobile and home-working policy that staff have been trained to follow? Do you have a secure baseline device build in place? Are you protecting data both in transit and at rest?
3. User Education and Awareness
Do you have Acceptable Use policies covering staff use of systems and equipment? Do you have a relevant staff training programme? Do you have a method of maintaining user awareness of cyber risks?
4. User Privilege Management
Do you have clear account management processes, with a strong password policy and a limited number of privileged accounts? Do you monitor user activity, and control access to activity and audit logs?
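The questions above can be turned into a repeatable check. The following is an added example, not part of the framework or the original page: it audits a constructed account inventory against assumed policy thresholds (privileged-account limit, password age and length, MFA on privileged accounts) and checks that only an allow-list of identities can read the audit log. The field names, thresholds and account data are all assumptions made for this illustration.

```python
from datetime import date

# Policy thresholds: assumed values for this example, not taken from the framework.
POLICY = {
    "max_privileged_accounts": 2,
    "max_password_age_days": 90,
    "min_password_length": 14,
    "allowed_audit_log_readers": {"sec-audit", "soc-analyst"},
}

# Fixed reference date so the audit is deterministic.
TODAY = date(2024, 5, 1)

# Constructed account inventory; field names are assumptions for this example.
ACCOUNTS = [
    {"name": "alice", "privileged": True,  "mfa": True,  "min_password_length": 16, "password_set": date(2024, 3, 1)},
    {"name": "bob",   "privileged": True,  "mfa": False, "min_password_length": 14, "password_set": date(2023, 9, 1)},
    {"name": "carol", "privileged": True,  "mfa": True,  "min_password_length": 8,  "password_set": date(2024, 4, 15)},
    {"name": "dave",  "privileged": False, "mfa": False, "min_password_length": 14, "password_set": date(2024, 4, 1)},
]

# Constructed set of identities currently able to read the audit log.
AUDIT_LOG_READERS = {"sec-audit", "soc-analyst", "bob"}


def audit_accounts(accounts, today=TODAY, policy=POLICY):
    """Return (account, issue) findings for every policy violation found."""
    findings = []

    # Too many privileged accounts is an organisation-wide finding, marked "*".
    privileged = [a for a in accounts if a["privileged"]]
    if len(privileged) > policy["max_privileged_accounts"]:
        findings.append(("*", f"{len(privileged)} privileged accounts exceeds limit of "
                              f"{policy['max_privileged_accounts']}"))

    for a in accounts:
        age_days = (today - a["password_set"]).days
        if age_days > policy["max_password_age_days"]:
            findings.append((a["name"], f"password is {age_days} days old"))
        if a["min_password_length"] < policy["min_password_length"]:
            findings.append((a["name"], "password length policy below minimum"))
        if a["privileged"] and not a["mfa"]:
            findings.append((a["name"], "privileged account without MFA"))
    return findings


def audit_log_access(readers, policy=POLICY):
    """Return identities that can read audit logs but are not on the allow-list."""
    return sorted(readers - policy["allowed_audit_log_readers"])


if __name__ == "__main__":
    for account, issue in audit_accounts(ACCOUNTS):
        print(f"{account}: {issue}")
    for identity in audit_log_access(AUDIT_LOG_READERS):
        print(f"audit log readable by non-approved identity: {identity}")
```

Run as a script it lists each violation; in practice the inventory would come from the directory service and the thresholds from the organisation's own password and privilege policy, with the output fed into the review the board-level regime in step 1 calls for.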
5. Removable Media Controls
Do you have a policy controlling mobile and removable computer media? Are all sensitive devices appropriately encrypted? Do you scan for malware before allowing connections to your systems?