The latest edition of the London Protect Newsletter has recently been released and contains some fantastic information on how to prepare for and respond to a cyber breach/attack.
They’ve provided a handy step-by-step guide on what you can do, and we have detailed the steps below:
1. GOOD GOVERNANCE — Identify who is accountable for security at board/executive level. Ensure they have clear reporting lines to all staff with security responsibilities.
2. IDENTIFY YOUR MOST VALUABLE ASSETS — Identify which assets are critical to your business success, competitive advantage and continuing operation. These will include people, products, services, processes, premises and information.
3. IDENTIFY THE THREATS — Identify the security threats to your most valuable assets. Threats are diverse and may exist in physical or cyberspace, and may change over time.
4. ADOPT A RISK MANAGEMENT APPROACH – Establish your organisation’s appetite for security risk. Choose a risk management approach that suits your organisation and business activity—one that integrates security into your business but does not inhibit it.
5. MITIGATE YOUR RISKS — Prioritise the risks to your organisation and put in place a range of personnel, cyber and physical security control measures that reduce your vulnerability to them and their impact. Accept that you cannot protect everything. Build an effective, professional and competent security team with clear, well-defined and rehearsed procedures.
6. LEGALITY, ETHICS AND TRANSPARENCY — Security principles, policies and procedures should be transparent and accessible. Taking an ethical approach, proportionate to risk, will gain support and buy-in from stakeholders.
7. CONTROL ACCESS — Introduce control measures and monitoring systems to ensure employees, contractors, suppliers and the public only have access to the buildings, information and people necessary for their role.
8. CREATE A STRONG SECURITY CULTURE: SOFT MEASURES — Lead by example. A good security culture relies on visible endorsement from the top. Develop clear and fit-for-purpose security policies (particularly on how to report security incidents) supported by training and regular communication. Ensure the staff are clear on how to report a security incident, and on their responsibility in managing and resolving security risks.
9. CREATE A STRONG SECURITY CULTURE: HARD MEASURES — Establish robust procedures for dealing with poor behaviours. Enforce security policies visibly and quickly when staff, contractors or suppliers don’t comply.
10. PROTECT YOUR INFORMATION — Establish an information and cyber security policy that identifies the information risks across your organisation and applies appropriate controls. Conduct regular reviews to incorporate changes in technology.
In an emergency call 999 – For non-emergencies call 101 – For the Anti-Terrorist Hotline call 0800 789321