Ten Steps to Cyber Security - your free audit
With the legislation of GDPR coming into effect on 25th May 2018, it is important to ensure that your company is compliant with data security requirements.
The General Data Protection Regulation (GDPR) has been put in place as an extra safeguard for data and how it is used.
Bespoke Computing understands that these changes can be intimidating for some business owners, especially as they carry the risk of a serious fine if organisations don’t comply – even if it is unintentional.
Below is our summary of the Ten Steps to Cyber Security, as recommended by the National Cyber Security Centre. We believe they are crucial to read as there is lots of misinformation from not-so-credible sources flying around.
To this end, Bespoke Computing is offering a free data security audit to businesses local to us in Shropshire. We will visit your place of work and analyse how your business is measuring up against these recommendations and meeting GDPR regulations.
If you would like to secure your audit, as availability will be limited, please contact us today. Our offer ends on 30th June 2018.
- Risk Management Regime
A suitable risk management regime should be put in place throughout the company. It is important that this regime is supported by authorised and responsive personnel, as well as by board members and senior managers.
The approach to risk management should be clearly communicated through the relevant policies and practices. The sole aim is to make sure all employees are familiar with the approach and the risk boundaries.
- Secure Configuration
A method should be adopted to identify baseline technology builds and processes so that configuration management can improve the security of systems.
The method should be developed to delete or deactivate redundant functionality from systems and fix any problems – usually via patching. If you fail to do this, you increase the risk of compromise of systems and information.
- Network Security
When you connect from your networks to the Internet, you expose your systems and technologies to risk of an attack. Clear policies and suitable technical responses should be put in place to reduce the likelihood of these attacks.
It is important to not focus on the physical connections alone. You should consider where your data is stored and processed and where the attacker would most likely have the chance to strike.
- Managing User Privileges
Users that have been given unnecessary data access rights can increase the risk of misuse or compromise. All users should be provided with a minimal level of access necessary for their role. User privileges for data access should be controlled and managed to minimise risk.
- User Education and Awareness
Every user has an important role in maintaining their company’s security. For this reason, it’s vital that the rules and the technology provided to users allow them to do their job in a secure manner.
This can be implemented through awareness programmes and training that focuses on creating expertise in security.
- Incident Management
It is inevitable that some companies will experience security incidents at some point. To reduce the impact of an incident, companies should invest in putting together incident management policies and processes. This will help to improve business resilience and assure customer confidence.
There should be an internal or external individual or team put in place who has demonstrable incident management experience.
- Malware Prevention
Malware is a term that refers to any code or content that could inflict a malicious impact on systems. There is always a risk when information is exchanged that malware could be exchanged too.
This risk can be minimised by putting suitable anti-malware policies in place as a fully defensive approach.
- Monitoring
Monitoring helps to detect actual and attempted attacks on systems and business services. This is an essential practice in order to deal with attacks and ensure that systems are being used properly.
Monitoring is frequently needed to comply with legal requirements.
- Removable Media Controls
Removable media is a common route for the introduction of malware and the export of sensitive data, either accidentally or deliberately.
If your business needs to use removable media, you should check that the correct security methods are in place to do so.
- Home and Mobile Working
There are many benefits to mobile working and remote system access, but they can introduce risks. Policies and procedures should be implemented to reduce the risks and support mobile working and remote access.
Users should be trained on the correct and secure use of mobile devices in the places they usually work in.
Bespoke Computing can measure how compliant your company is with these steps and what you can do to improve with our free audit.
To find out more, please call 01952 303404, or fill out the enquiry form below.