To protect against cyber-attacks, the National Cyber Security Centre recommends investing in a more holistic approach to security – such as that outlined in the 10 Steps to Cyber Security.
The risk to information and computer assets comes from a broad spectrum of threats with a broad range of capabilities.
The impact on your business will depend on the opportunities you present to an attacker (in terms of the vulnerabilities within your systems), the capabilities of the attackers to exploit them, and ultimately their motivation for attacking you.
Attackers need an opportunity to deliver a successful attack; while you have no control over their capabilities and motivations, you can make it harder for attackers by reducing your vulnerabilities.
As the first step, the National Cyber Security Centre recommends that all organisations review their overall cyber security strategy. Together with the nine associated security areas described below, this approach will help to protect your business against the majority of cyber-attacks.
1 - Set up your Risk Management Regime
Assess the risks to your organisation's information and systems with the same vigour you would for legal, regulatory, financial or operational risks.
To achieve this, embed a Risk Management Regime across your organisation, supported by the Board and senior managers.
2 - Network Security
Protect your networks from attack. Defend the network perimeter, filter out unauthorised access and malicious content. Monitor and test security controls.
3 - User education and awareness
Produce user security policies covering acceptable and secure use of your systems. Include these in staff training. Maintain awareness of cyber risks.
4 - Malware prevention
Produce relevant policies and establish anti-malware defences across your organisation.
5 - Removable media controls
Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing onto the corporate system.
6 - Secure configuration
Apply security patches and ensure the secure configuration of all systems is maintained. Create a system inventory and define a baseline build for all devices.
7 - Managing user privileges
Establish effective management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity. Control access to activity and audit logs.
8 - Incident Management
Establish an incident response and disaster recovery capability. Test your incident management plans. Provide specialist training. Report criminal incidents to law enforcement.
9 - Monitoring
Establish a monitoring strategy and produce supporting policies. Continuously monitor all systems and networks. Analyse logs for unusual activity that could indicate an attack.
10 - Home & mobile working
Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline and build to all devices. Protect data both in transit and at rest.
SecuriGroup is rated within the top 1% of approved UK security companies by our Home Office regulator, the Security Industry Authority.
Strengthening the society in which we live, and an Investors in People Gold organisation, SecuriGroup provides innovative and expert solutions to our clients’ security needs. A two-time winner of ACS Champion of the Year, our security management approach shapes the future of the industry by combining physical, electronic, and cyber security to augment our service delivery.