Having explored the topic of planning your organization’s cyber security approach through using a business centric model (performing a risk management analysis) the next step to take is to take action.
When it comes to planning how your organization will deal with the cyber security problem your organization can have the best formulated plans, but even the best laid plans need to be executed well in order for them to provide the value and protection they are designed to provide.
Take these steps to put the right security controls in place for your business.
- Check on people with access: Read your contracts, service level agreements and talk to your vendors to ensure that whoever handles your systems and data has the necessary security controls in place.
- Malware protection: install anti-virus solutions on all systems, and keep your software and web browsers up to date. Consider restricting access to inappropriate websites to lessen the risk of being exposed to malware. Create a policy governing when and how security updates should be installed.
- Network security: increase protection of your networks, including wireless networks, against external attacks through the use of firewalls, proxies, access lists and other measures.
- Secure configuration: maintain an inventory of all IT equipment and software. Identify a secure standard configuration for all existing and future IT equipment used by your business. Change any default passwords.
- Managing user privileges: restrict staff and third-party access to IT equipment, systems and information to the minimum required. Keep items physically secure to prevent unauthorized access.
- Home and mobile working, including use of personal devices for work: ensure that sensitive data is encrypted when stored or transmitted online so that data can only be accessed by authorized users.
- Removable media: restrict the use of removable media such as USB drives, CDs, DVDs and secure digital cards, and protect any data stored on such media to prevent data being lost and malware from being installed.
- Monitoring: monitor use of all equipment and IT systems, collect activity logs, and ensure that you have the capability to identify any unauthorized or malicious activity.
In step three we cover is the importance of reviewing – ongoing review of plans and measures to ensure efficacy.