IT security is potentially very confusing with a LOT of different guidelines.
We’ve waded through the best practice and distilled it to our minimum recommendations below – it’s very possible that you are already doing many of these, perhaps some informally, but we believe that it’s essential you are doing all of them, and formally.
- Audit your IT and build an asset list/inventory, so you know what needs to be managed (CES)
- Policies formalise your IT use, so everyone knows what is expected (especially password management) and assess user understanding (CES)
- Train all your staff continuously about security awareness across all IT systems (CES/GDPR)
- Backup all your data regularly and to multiple locations and backup systems as required (GDPR). Regularly test all your restore processes.
- Encrypt all data wherever it’s stored and whilst in transit (GDPR)
- Anti-Malware should be used to protect every device and service (CES)
- Update all devices and software promptly with the latest patches (CES)
- Multi-Factor Authentication should be enabled wherever it is available (CES)
- Default Passwords for devices/services should be disabled or changed on first setup (CES)
- Password Managers should be provided to all staff
- Restrict Access to data, devices, services to the minimum required (CES)
- Monitor everything, all the time, for compliance and alerts
Steps that help compliance with Cyber Essentials (CES) or the General Data Protection Regulations (GDPR) are identified.
Questions…interested in help or more info? Book a meeting – https://calendly.com/hello-gsl/15min
- Call – 01223 903 800
- Email – email@example.com