IT Minimum Practice in 60 seconds
3 December 2024 Emma Alsos

IT security is potentially very confusing with a LOT of different guidelines.

We’ve waded through the best-practice guidance and distilled it into the minimum recommendations below, so for those in a rush it should only be a 60-second read!

It’s very possible that you are already doing many of these, perhaps some informally, but we believe that it’s essential you are doing all of them, and formally.

Steps that help with compliance with Cyber Essentials (CE) or the General Data Protection Regulation (GDPR) are tagged as such.

Backup: Don’t argue, just do it! All your data (email, finance, CRM etc.) and any key systems, to multiple locations… and please, TEST YOUR BACKUPS by actually restoring from them! [GDPR]
Malware Protection: Mandatory… anti-virus on every computer (endpoint detection and response is better), plus DNS and email filtering. [CE]
Update/Patch: Again, no excuses – computers, network equipment, applications – MUCH cheaper than a breach! [CE]
Encrypt: Protection even when breached – on your computers, in the cloud and everywhere in between! [GDPR]
Secure Configuration: Don’t give everyone access to everything (least privilege)! Disable features and settings that make it simpler to be hacked. [CE]
Password Management: Stop re-using or sharing passwords, using your favourite dog’s name followed by a dollar sign, or writing them down – use strong, unique passwords. [CE]
Multi-factor authentication: Use this on everything and stop complaining! It’s mega-effective against hackers, and really simple once you use a password manager… phishing-resistant methods (security keys, passkeys) are the strongest choice. [CE]
Firewall: Enable everywhere, another simple and effective defence against hackers. [CE]
Security Training: You are the weakest link, simply accept this and move on – the bad guys are getting smarter, so you should be too. [GDPR / CE]
Policies: Don’t leave people to guess, make sure you have clear, current, written policies for acceptable use of your IT. [GDPR / CE]
Audit: If you don’t know your computer count, you can’t be sure they are protected – the same goes for users, applications, services, network devices etc. [CE]
Monitor: Know if a disk is not encrypted, patches are failing or a user logs on from Moscow – if not, you’re just blindly trusting that everything’s good!
Plan: Be prepared for the storm, not the sunny day – business continuity, disaster recovery and incident response. [GDPR]
Certify: Cyber Essentials compliance shows you’re serious about IT security… Cyber Essentials Plus proves it! [CE]
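The Monitor item names three conditions worth alerting on: an unencrypted disk, a failing or stale patch run, and a logon from somewhere your staff shouldn’t be. As an added example (not code from the original post or its author), here is a small Python check that turns those into concrete findings over a constructed device and logon feed. The feed shape, the "UK only" logon assumption, the 14-day patch window and the 2-hour impossible-travel window are all assumptions for the illustration, not a real MDM or EDR export.

```python
"""Minimal 'Monitor' checks over a constructed device and logon feed.

Added example; the feed layout, country policy and thresholds are assumptions.
"""
from datetime import datetime, timedelta

# Constructed sample data: roughly what an MDM/EDR inventory export might look like.
DEVICES = [
    {"host": "LAPTOP-01", "user": "alice", "disk_encrypted": True,
     "last_patch_status": "success", "last_patch_at": "2024-11-28"},
    {"host": "LAPTOP-02", "user": "bob", "disk_encrypted": False,
     "last_patch_status": "success", "last_patch_at": "2024-11-30"},
    {"host": "DESK-07", "user": "carol", "disk_encrypted": True,
     "last_patch_status": "failed", "last_patch_at": "2024-10-15"},
]

# Constructed sample sign-in events (e.g. from an identity provider's audit log).
LOGONS = [
    {"user": "alice", "time": "2024-12-02T09:00:00", "country": "GB", "result": "success"},
    {"user": "alice", "time": "2024-12-02T09:40:00", "country": "RU", "result": "success"},
    {"user": "bob", "time": "2024-12-02T10:00:00", "country": "GB", "result": "success"},
]

ALLOWED_COUNTRIES = {"GB"}       # assumption: staff only sign in from the UK
PATCH_MAX_AGE_DAYS = 14          # assumption: patches must succeed at least fortnightly
NOW = datetime(2024, 12, 3)      # fixed clock so the example is deterministic


def check_devices(devices, now=NOW, max_age_days=PATCH_MAX_AGE_DAYS):
    """Return (host, finding) tuples for unencrypted disks and failing/stale patching."""
    findings = []
    for d in devices:
        if not d["disk_encrypted"]:
            findings.append((d["host"], "DISK_NOT_ENCRYPTED"))
        if d["last_patch_status"] != "success":
            findings.append((d["host"], "PATCH_FAILED"))
        # A 'success' that is too old is still a gap: the device is drifting out of patch.
        age = now - datetime.fromisoformat(d["last_patch_at"])
        if age > timedelta(days=max_age_days):
            findings.append((d["host"], "PATCH_STALE"))
    return findings


def check_logons(logons, allowed=ALLOWED_COUNTRIES, travel_window_hours=2):
    """Return (user, finding, detail) tuples for out-of-policy or impossible-travel logons."""
    findings = []
    last_seen = {}  # user -> (time, country) of the previous successful logon
    for e in sorted(logons, key=lambda x: x["time"]):  # ISO timestamps sort lexically
        if e["result"] != "success":
            continue  # failed attempts are a separate (brute-force) signal, ignored here
        t = datetime.fromisoformat(e["time"])
        if e["country"] not in allowed:
            findings.append((e["user"], "LOGON_UNEXPECTED_COUNTRY", e["country"]))
        prev = last_seen.get(e["user"])
        # Two successful logons from different countries within the window can't both be
        # the same person travelling; one of them is very likely a stolen credential.
        if prev and prev[1] != e["country"] and t - prev[0] < timedelta(hours=travel_window_hours):
            findings.append((e["user"], "IMPOSSIBLE_TRAVEL", f"{prev[1]}->{e['country']}"))
        last_seen[e["user"]] = (t, e["country"])
    return findings


if __name__ == "__main__":
    for f in check_devices(DEVICES) + check_logons(LOGONS):
        print("ALERT", *f)
```

Run as-is it flags the unencrypted laptop, the desktop whose patching both failed and is seven weeks old, and alice’s Russian logon twice (out of policy, and forty minutes after a UK logon). In practice the inputs come from your MDM/EDR and identity provider exports, and the point is that each of these is a routine query you can schedule, not something you discover during an incident.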

If that took more than 60 seconds, we are sorry, but that’s as brief as we can possibly be. The reality is that there is much more to each of these points, and these are just the minimum practice… there’s a lot more we’d love to recommend!

If you have any questions or are interested in more information: