Every business, whether small or large, needs measures in place to identify, assess and manage cyber security risk. Not doing so could put your business at risk of data theft, loss of revenue and downtime, putting you on the wrong side of your customers and the law.
Run through the cyber risk mitigation list below and consider your responses. Are you doing everything on this list? Could your business withstand a cyber security breach or attack?
Does your business have a published and shared policy to manage cyber security risk?
Are your cyber security policies regularly reviewed and updated? Are they consistent with applicable regulations?
Is responsibility for managing cyber security allocated within your organisation?
Does your business have a framework in place to identify, assess and manage cyber security risk?
Are your staff trained to be aware of, and take appropriate action against, the risks posed by cyber security attacks?
What policies do you have in place to background check all levels of staff, from employees to contractors and temporary staff?
Can staff access rights be quickly revoked when employment comes to an end?
Are all visitors escorted in and out of controlled premises?
Are entry controls in place for restricted areas where electronic and physical systems that store personal data are housed?
What storage arrangements are in place to protect records and equipment from loss, damage, interference or theft?
Do you routinely and lawfully dispose of personal data when it is no longer required?
Does your network security extend to the devices used by remote and mobile workers?
Is each staff member assigned an individual user account? Are different levels of access assigned to ensure access to only essential information?
Are appropriate anti-malware protections in place to protect computers from malware attacks?
Are there processes in place to monitor activity to identify and prevent data breaches?
Do you use the latest security patches to fix security vulnerabilities and other bugs in your software?
Are boundary firewalls and internet gateways in place to prevent unauthorised access from other networks?
Do you have a disaster recovery plan in place in the event of a cyber security breach?
Does your business regularly back up electronic information, and perform regular test restores to ensure the backups are working?
What is your procedure for notifying authorities in the event of a cyber security breach or disaster?
Do you have in place a communications plan, both internally and to affected individuals, in the event of a cyber security breach or disaster?
Does your business have the resource to investigate a breach and take steps to mitigate cyber security risk in the future?
We hope this checklist has given you a clearer idea of where your vulnerabilities to a cyber security attack lie as an organisation. Work through your answers to the questions above. Is there any low-hanging fruit that can be quickly fixed? Which parts will take more work and buy-in from multiple stakeholders across your organisation? Which issues need external consultancy or ongoing, monthly support?
For a more detailed assessment of your cyber security management and support requirements, contact us today and we will put you in touch with an accredited member of our team.