Policy Actions. These actions should be carried out by staff responsible for determining the overall cyber security policy.
- Identify and record essential data for regular backups.
- Create a password policy.
- Decide what access controls your users need so they can access only the information and systems required for their job role.
- Decide which staff need access to USB drives.
- Create an inventory of approved USB drives and their issued owners, and periodically review whether the ownership is still necessary.
Technical Actions. These actions should be carried out by technical staff responsible for the setup and configuration of devices, networks and software.
- Switch on your firewall.
- Install and turn on anti-virus software.
- Block access to physical ports for staff who do not need them.
- Consider making a password manager available to your staff to secure their passwords. Review the star rating before choosing one from an app store.
- Ensure data is being backed up to a backup platform, e.g. a portable hard drive and/or the cloud.
- Set automated backup periods relevant to the needs of the business.
- Switch on password protection for all available devices. Change default passwords on all internet-enabled devices as per the password policy.
- Install and turn on tracking applications for all available devices, e.g. Find my iPhone.
- Enable two-factor authentication for all important accounts (e.g. email).
- Apply restrictions to prevent users downloading third-party apps.
- Install the latest software updates on all devices and switch on automatic updates with periodic checks.
- Ensure all applications on devices are up to date and automatic updates have been set to download as soon as they are released. Schedule regular manual checks for updates.
- Set up encryption on all office equipment. Use products such as BitLocker for Windows using a Trusted Platform Module (TPM) with a PIN, or FileVault (on macOS).
Training and Awareness Actions. These actions should be carried out by staff responsible for implementing staff training and awareness.
- Provide secure physical storage (e.g. a locked cupboard) for your staff to write down and store passwords.
- Create a cyber security training plan that you can use for all staff.
- Include details of your "Password" policy explaining how to create a non-predictable.
- Include how to spot the obvious signs of phishing.
- Include details of your reporting process if staff suspect phishing.
- Include details on how your business operates and how it deals with requests via email.
- Include details of Wi-Fi hotspot vulnerabilities and how to use alternative options (e.g. a VPN or the mobile network).
For more info about our Cyber Security Training, please contact us at firstname.lastname@example.org or visit www.deangelisandassociates.com