Every year (and generally more often) organizations should be going over their cyber security plan and cyber security implementations thoroughly in order to ensure the plan and measures they have taken still align with organizational goals and requirements. It is not uncommon for businesses to change rapidly or for consumer requirements to alter to such an extent that what was previously adequate is no longer sufficient to support the business needs of a company.
To this end it is crucial for an organization to have a review process by which they can evaluate systematically both the cyber security plan and the technical and policy measures currently in place.
Organizations should take these steps to review their security and respond to any changes or problems they identify, including attacks or disruption to business.
- Test, monitor and improve your security controls on a regular basis to manage any change in the level of risk to your IT equipment, services and information.
- Remove any software or equipment that you no longer need, ensuring that no sensitive information is stored on it when disposed of. Review and manage any change in user access, such as the creation of accounts when staff arrive and deletion of accounts when they leave.
- If your business is disrupted or attacked, ensure that the response includes removing any ongoing threat such as malware, understanding the cause of the incident and, if appropriate, addressing any gaps in your security that have been identified following the incident.
- If you fall victim to online fraud or attack, you should report the incident. You may need to notify your customers and suppliers if their data has been compromised or lost
Once you have your plan in place, a strategy for implementing and a schedule for review, make sure to stick to it and repeat yearly if not more often!
If you have any questions on cyber security or a related topic, leave a comment below or contact us!
