QASSS has put together the following quick guide, based on NCSC (National Cyber Security Centre) advice, to help businesses protect themselves and avoid being caught in COVID-19 scams. To download our PDF guide on cyber security, click here.
- RISK MANAGEMENT REGIME
Defining and communicating your Board’s Information Risk Management Regime is central to your organisation’s cyber security strategy.
- SECURE CONFIGURATION
Having an approach to identify baseline technology builds and processes for ensuring configuration management can greatly improve the security of systems. You should develop a strategy to remove or disable unnecessary functionality from systems, and to quickly fix known vulnerabilities, usually via patching. Failure to do so is likely to result in increased risk of compromise of systems and information.
- HOME AND MOBILE WORKING
Mobile working and remote access expose new risks that need to be managed. You should establish risk-based policies and procedures that support mobile working or remote access to systems and that apply to users as well as service providers.
- INCIDENT MANAGEMENT
All organisations will experience security incidents at some point. Investment in establishing effective incident management policies and processes will help to improve resilience, support business continuity, improve customer and stakeholder confidence and potentially reduce any impact.
- MALWARE PREVENTION
Any exchange of information carries with it a degree of risk that malware or malicious software might be exchanged, which could seriously impact your systems and services. The risk may be reduced by implementing appropriate security controls as part of an overall ‘defence in depth’ approach.
- MANAGING USER PRIVILEGES
Ensure you have a policy to manage employees’ privileges. Giving users unnecessary system privileges or data access rights means that if the account is misused or compromised the impact will be more severe than it needs to be.
- MONITORING
System monitoring provides a capability that aims to detect actual or attempted attacks on systems and business services. Good monitoring is essential to effectively respond to attacks. Monitoring is often a key capability needed to comply with legal or regulatory requirements.
- NETWORK SECURITY
The connections from your networks to the Internet, and other partner networks, expose your systems and technologies to attack. By creating and implementing some simple policies and appropriate architectural and technical responses, you can reduce the chances of these attacks succeeding or causing harm to your organisation. Your organisation’s networks almost certainly span many sites, including, for example, mobile and remote working and cloud services. Don’t focus only on physical connections: think also about where your data is stored and processed, and where a cyber-criminal would have the opportunity to interfere with it.
- REMOVABLE MEDIA CONTROLS
Removable media provide a common route for the introduction of malware and the accidental or deliberate export of sensitive data. You should have a clear policy for all employees as to whether to allow the use of removable media and apply appropriate security controls to its use.
- USER EDUCATION AND AWARENESS
All employees (users) have a critical role to play in their organisation’s security, so it’s important that security rules and the technology provided enable users to do their job as well as helping to keep the organisation secure. This can be supported by a systematic delivery of awareness programs and training that deliver security expertise as well as helping to establish a security-conscious culture.
Remember, be cyber safe and think before you click. To read more about COVID-19 and other scams, and our advice on staying safe online, see our recent article here.
For up-to-date guidance, please visit the NCSC site.
During this COVID-19 period, we can help with business continuity, cyber security and other IT solutions to help your business stay safe, innovative and reduce IT costs. We offer a host of bespoke IT solutions for the home improvement sector whether on a project, temporary or permanent basis. To find out more, call Nisar Raja, QASSS IT Infrastructure Manager, on 0330 335 3354 or email email@example.com