Your Cybersecurity Protection Blueprint

 ‘Essential 9’ focus areas that form a blueprint for Security Risk Management.

With cyber security breaches at epidemic proportions and governments across the globe actively encouraging greater awareness and action, we’ve taken a look at the ‘Essential 9’ focus areas that form a blueprint for Security Risk Management.

Malware Prevention
Preventing infection from malware is both a technical and human challenge. Phishing and DDOS attacks grow ever more sophisticated and dangerous. Robust, dynamically updated anti-virus/malware protection must be deployed along with wider defence policies across the organisation. 

Network Security
Networks are the life blood of operations and must be protected at all costs. Rigorous defence measures should be in place across the ever-expanding attack surface area. Malicious traffic and unauthorised content must be immediately identified and nullified. On-going security testing and controls should be formalised.

Security Breach Management
Before a breach occurs, formalise an incident response plan including disaster recovery and business continuity protection. Consider the impact a breach may have and mitigate against adverse business consequences. Regularly re-examine incident management plans through formalised security testing processes, and whilst negative publicity and PR will always be a concern, criminal incidents should be reported to law enforcement authorities.

Workforce Education & Awareness
95% of security breaches are attributable to human error, making the workforce a key defence resource and simultaneously, the weakest link in the chain. On-going and engaging security awareness and training is key to embedding security policies and diligent use of systems.

Removable Hardware Control
Memory sticks and other plug-in speed saving devices are regularly used in the corporate world. Controlling and limiting the use of all removable media should be introduced. Scanning files and media at the point of introduction, and before access to corporate systems is security best practice.

Secure Systems & Applications
A growing number of user owned devices are connecting to corporate networks, and a baseline build for all devices should be applied before access is granted. Ongoing device build policy and system configuration should be continuously reviewed with security updates and patches always up to date. Create an automatic inventory of all devices connecting and accessing systems.

Manage User Access
Control and limit who has access to specific business applications and systems. Establish an effective management process whereby access is strictly controlled and limited. Privileged user access should be on a business need basis and user activity must be scrutinised. Monitoring and maintaining system access and audit logs will help identify suspicious activity.

Network & System Monitoring
Establish a ‘24 x 365’ monitoring process as a core element of security activity. Whether in-house or through a security partner - continuously monitoring all systems and networks including the analysing of logs for any unusual activity will help identify any potential attacks.

Workplace Evolution
Home and mobile working has, of course, increased over recent times, and ‘Hybrid’ working is the new norm. Develop a flexible working policy that forms a core element of employee security awareness and training. Secure and pre-established software builds to all devices should be a formalised ‘business as usual’ requirement.

 

Protecting your systems and data from a cybersecurity breach should be given the same level of importance as legal, regulatory, financial and operational priorities. Risk management attitudes will vary across industry sectors, but the unforeseen consequences of a security breach can be catastrophic, with the organisation’s very survival under threat.

Related articles

Image1

It’s not about predicting the future, but making it possible

Our Chief Technical information Officer Cyrille Joffre shares his highlights from the recent MWC in Barcelona.

358X180 People on mobile 1

Cyber Security tips for small businesses

We look at the main security risks for small businesses, and what they can be doing to increase protection against attacks.

SASIG 1 v2

Guernsey SASIG event highlights

Latest ransomware tactics, hybrid Clouds and more discussed at Guernsey security forum. Iain Davidson, Head of Enterprise Products at Sure Business, was in attendance and shares his insights on an important event.

Contact us to find out how we can help you
and your business today

Contact us

Further Insights

Image1

It’s not about predicting the future, but making it possible

Our Chief Technical information Officer Cyrille Joffre shares his highlights from the recent MWC in Barcelona.

358X180 People on mobile 1

Cyber Security tips for small businesses

We look at the main security risks for small businesses, and what they can be doing to increase protection against attacks.