Your Cybersecurity Protection Blueprint

 ‘Essential 9’ focus areas that form a blueprint for Security Risk Management.

With cyber security breaches at epidemic proportions and governments across the globe actively encouraging greater awareness and action, we’ve taken a look at the ‘Essential 9’ focus areas that form a blueprint for Security Risk Management.

Malware Prevention
Preventing infection from malware is both a technical and human challenge. Phishing and DDOS attacks grow ever more sophisticated and dangerous. Robust, dynamically updated anti-virus/malware protection must be deployed along with wider defence policies across the organisation. 

Network Security
Networks are the life blood of operations and must be protected at all costs. Rigorous defence measures should be in place across the ever-expanding attack surface area. Malicious traffic and unauthorised content must be immediately identified and nullified. On-going security testing and controls should be formalised.

Security Breach Management
Before a breach occurs, formalise an incident response plan including disaster recovery and business continuity protection. Consider the impact a breach may have and mitigate against adverse business consequences. Regularly re-examine incident management plans through formalised security testing processes, and whilst negative publicity and PR will always be a concern, criminal incidents should be reported to law enforcement authorities.

Workforce Education & Awareness
95% of security breaches are attributable to human error, making the workforce a key defence resource and simultaneously, the weakest link in the chain. On-going and engaging security awareness and training is key to embedding security policies and diligent use of systems.

Removable Hardware Control
Memory sticks and other plug-in speed saving devices are regularly used in the corporate world. Controlling and limiting the use of all removable media should be introduced. Scanning files and media at the point of introduction, and before access to corporate systems is security best practice.

Secure Systems & Applications
A growing number of user owned devices are connecting to corporate networks, and a baseline build for all devices should be applied before access is granted. Ongoing device build policy and system configuration should be continuously reviewed with security updates and patches always up to date. Create an automatic inventory of all devices connecting and accessing systems.

Manage User Access
Control and limit who has access to specific business applications and systems. Establish an effective management process whereby access is strictly controlled and limited. Privileged user access should be on a business need basis and user activity must be scrutinised. Monitoring and maintaining system access and audit logs will help identify suspicious activity.

Network & System Monitoring
Establish a ‘24 x 365’ monitoring process as a core element of security activity. Whether in-house or through a security partner - continuously monitoring all systems and networks including the analysing of logs for any unusual activity will help identify any potential attacks.

Workplace Evolution
Home and mobile working has, of course, increased over recent times, and ‘Hybrid’ working is the new norm. Develop a flexible working policy that forms a core element of employee security awareness and training. Secure and pre-established software builds to all devices should be a formalised ‘business as usual’ requirement.

 

Protecting your systems and data from a cybersecurity breach should be given the same level of importance as legal, regulatory, financial and operational priorities. Risk management attitudes will vary across industry sectors, but the unforeseen consequences of a security breach can be catastrophic, with the organisation’s very survival under threat.

Related articles

4

Decoding the Future: Unravel the legal and ethical tapestry of AI

We spoke to one of our professional services consultants, Malcolm Mason and asked for his insight and guidance on the transformative power of AI.

Ai Image Websire v2

Innovation or a vulnerability: Is AI a threat to Cybersecurity?

We spoke to two of our professional services consultants, Grant Mossman and Malcolm Mason, and asked what their opinion on the rapid evolution of AI was and if this poses a threat to cybersecurity.

Mike Q Article banner v2

Co-Managed IT: Why partnering with an IT service provider makes perfect sense

Our Professional Services Consultant Michael Quittenden shares why co-managing your IT services could be the perfect solution for you and your business.

Contact us to find out how we can help you
and your business today

Contact us

Further Insights

4

Decoding the Future: Unravel the legal and ethical tapestry of AI

We spoke to one of our professional services consultants, Malcolm Mason and asked for his insight and guidance on the transformative power of AI.

LinkedIn templates 34 v3

New Enterprise Product Manager in Jersey

New Enterprise Product Manager in Jersey

LinkedIn templates 33 v3

Create sustainable data centre solutions with Centiel

We have been working together with Centiel to create sustainable data centre solutions.