Cyber Advisory Service

Did you know?

60% of small businesses reported a security breach in 2014 and only 26% of businesses use the Government’s Ten Steps guidelines.

70% of companies where security policy was poorly understood suffered staff-related breaches, compared to 41% where the policy was well understood.

What are the 10 Steps to Cyber Security?

The 10 Steps to Cyber Security are guidelines from the Government on the steps businesses should take to protect themselves against cyber threats.

  1. Home and Mobile Working
    Develop a mobile working policy and train staff to adhere to it. Apply a secure baseline build to all devices. Protect data both in transit & at rest.
  2. User Education & Awareness
    Produce user security policies covering acceptable & secure use of the organisation's systems. Establish a staff training programme. Maintain user awareness of cyber risks.
  3. Incident Management
    Establish an incident response & disaster recovery capability. Produce & test incident management plans. Provide specialist training to the incident management team. Report criminal incidents to law enforcement.
  4. Information Risk Management Regime
    Establish an effective governance structure and determine your risk appetite, just like you would for any other risk. Maintain the Board's/senior management's engagement with the cyber risk. Produce supporting information risk management policies.
  5. Managing User Privileges 
    Establish account management processes & limit the number of privileged accounts. Limit user privileges & monitor user activity. Control access to activity & audit logs.
  6. Removable Media Controls
    Produce a policy to control all access to removable media. Limit media types & use. Scan all media for malware before importing on to the corporate system.
  7. Monitoring
    Establish a monitoring strategy & produce supporting policies. Continuously monitor all ICT systems & networks. Analyse logs for unusual activity that could indicate an attack.
  8. Secure Configuration
    Apply security patches & ensure that the secure configuration of all ICT systems is maintained. Create a system inventory & define a baseline build for all ICT devices.
  9. Malware Protection
    Produce relevant policy & establish anti-malware defences that are applicable & relevant to all business areas. Scan for malware across the organisation.
  10. Network Security
    Protect your networks against external and internal attack. Manage the network perimeter. Filter out unauthorised access & malicious content. Monitor & test security controls.
