As is well known, 2020 brought rapidly advancing digitization and, with it, unexpected new opportunities as well as risks. That is why we want to talk about cybersecurity right at the beginning of 2021. We are confident that this year will start on a positive note and that as many companies as possible, including their employees, will be optimally protected.
The topic of cybersecurity is now extremely important and, alongside a few concerns, it also brings a certain complexity. A clear concept from the "National Cyber Security Center" explains which security approaches are worth investing in to protect your company and your employees as well as possible against most cyber attacks.
Below we list the 10 steps of the "National Cyber Security Center" for cybersecurity:
- Set up your Risk Management Regime
Assess the risks to your organisation's information and systems with the same vigour you would for legal, regulatory, financial or operational risks. To achieve this, embed a Risk Management Regime across your organisation, supported by the Board and senior managers.
- Network Security
Protect your networks from attack. Defend the network perimeter, filter out unauthorised access and malicious content. Monitor and test security controls.
- User education and awareness
Produce user security policies covering acceptable and secure use of your systems. Include in staff training. Maintain awareness of cyber risks.
- Malware prevention
Produce relevant policies and establish anti-malware defences across your organisation.
- Removable media controls
Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing onto the corporate system.
- Secure configuration
Apply security patches and ensure the secure configuration of all systems is maintained. Create a system inventory and define a baseline build for all devices.
- Managing user privileges
Establish effective management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity. Control access to activity and audit logs.
- Incident Management
Establish an incident response and disaster recovery capability. Test your incident management plans. Provide specialist training. Report criminal incidents to law enforcement.
- Monitoring
Establish a monitoring strategy and produce supporting policies. Continuously monitor all systems and networks. Analyse logs for unusual activity that could indicate an attack.
- Home & mobile working
Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline and build to all devices. Protect data both in transit and at rest.
Finally, we would like to thank the “National Cyber Security Center” for the excellent cyber security scheme, which gives a good insight into the most important processes.
If you have any questions, we will be happy to advise you on the subject of cybersecurity.
We wish you a safe and healthy 2021.