In the face of increasingly sophisticated cyber attacks and threats, it is critical to assess the maturity of your organisation’s security capabilities to ensure that the most effective control measures are implemented.
Consider the following tips:
- Cyber security awareness and training: Raise cybersecurity awareness and provide training to all personnel to help them understand their security responsibilities as human firewalls.
- Boundary defence: Control access to your network systems from outside the organisation, with firewalls, personal firewalls, VPNs and proxies. Use an intrusion detection system (IDS) and an intrusion prevention system (IPS) to protect your network.
- Application software security: Deploy next-generation, threat-hunting antivirus (now called endpoint protection). Ensure you have strong malware detection software to identify vulnerabilities in application software. Have a ransomware response plan.
- User management: Control and audit user accounts with administrative privileges. Monitor user accounts and report unauthorised or unauthenticated access to devices and information.
- Data loss prevention: Encrypt data and control access to sensitive information to stop data breaches, and consider recent data protection legislation updates.
- Security testing: Conduct regular vulnerability assessments and penetration testing. Develop an incident response plan to detect an attack, contain the damage, and preserve evidence.
- Asset management: Maintain an inventory of authorised network devices and software. Maintain secure configuration baselines for network devices. Enforce multifactor authentication.
- Outsource audits: Perform routine self-assessment and monitoring. Engage an external security consultant to perform an in-depth cyber risk assessment, identify gaps and provide remediation plans for optimised security.
When a breach occurs, it is not just the organisation’s money and resources that are at stake, but also its business reputation, along with negative public relations and severe financial penalties if it is found to be non-compliant.
Contributing writer, Polly Pickering, managing director of eShore (Cayman).