The 10 Steps to Cyber Security are guidelines from the Government on the steps businesses should take to protect themselves against cyber threats.
Click each step for more information.
- Home and Mobile Working
Develop a mobile working policy and train staff to adhere to it. Apply a secure baseline build to all devices. Protect data both in transit & at rest.
- User Education & Awareness
Produce user security policies covering acceptable & secure use of the organisation's systems. Establish a staff training programme. Maintain user awareness of cyber risks.
- Incident Management
Establish an incident response & disaster recovery capability. Produce & test incident management plans. Provide specialist training to the incident management team. Report criminal incidents to law enforcement.
- Information Risk Management Regime
Establish an effective governance structure and determine your risk appetite- just like you would for any other risk. Maintain the Board's/ Senior management's engagement with the cyber risk. Produce supporting information risk management policies.
- Managing User Privileges
Establish account management processes & limit the number of privileged accounts. Limit user privileges & monitor user activity. Control access to activity & audit logs.
- Removable Media Controls
Produce a policy to control all access to removable media. Limit media types & use. Scan all media for malware before importing on to corporate system.
Establish a monitoring strategy & produce supporting policies. Continuously monitor all ICT systems & networks. Analyse logs for unusual activity that could indicate an attack.
- Secure Configuration
Apply security patches & ensure that the secure configuration of all ICT systems is maintained. Create a system inventory & define a baseline build for all ICT devices.
- Malware Protection
Produce relevant policy & establish anti-malware defences that are applicable & relevant to all business areas. Scan for malware across the organisation.
- Network Security
Protect your networks against external and internal attack. Manage the network perimeter. Filter out unauthorised access & malicious content. Monitor & test security controls.