October is Cybersecurity Awareness Month (CSAM). This effort was brought to life through a collaboration between the U.S. Department of Homeland Security and the National Cyber Security Alliance.
With the number and scale of cyberattacks impacting businesses growing at an alarming rate, this initiative presents us with a great opportunity to remind professionals about the importance of boosting their cyber-defence strategies and improving their cyber hygiene.
Today, companies typically put in place multiple measures to protect their systems and their data, but it’s becoming critical to continuously enhance and fortify those defences. Everyday, we hear instances of well-known organisations with strong cyber defences suffering from data breaches.
In light of CSAM, here are some tips to help your clients design a framework to protect their company data & IP, whilst allowing flexibility for mobility and activity-based working.
Before you share these, remind your clients that the first step to protecting their data is for them to develop an information risk management regime. This involves establishing an effective governance structure and determining their risk appetite - just like how they would for any other type of risk.
Following that, here are some measures to consider when building a data security framework that covers the following areas:
Home & mobile working
Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline build to all devices. Protect data in transit and at rest.
User education & awareness
Produce user security policies covering acceptable and secure use of systems. Establish a staff
training program. Maintain user awareness of cyber risks.
Incident management
Establish incident response and disaster recovery capability. Test incident management plans. Provide specialist training to incident management team. Report incidents to law enforcement as per the necessary regulations (e.g. GDPR).
Managing user privileges
Establish account management processes and limit the number of privileged accounts. Limit user
privileges and monitor user activity. Control access to activity and audit logs.
Removable media controls
Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing onto the corporate system.
Monitoring
Establish a monitoring strategy and produce supporting policies. Continuously monitor all ICT systems and networks. Analyse logs for unusual activity that could indicate an attack.
Secure configuration
Apply security patches and ensure the secure configuration of all ICT systems is maintained.
Create a system inventory and define a baseline build for all ICT devices.
Malware protection
Produce relevant policy and establish anti-malware defences that are applicable and relevant
to all business areas. Scan for malware across both email and web vectors.
Network security
Protect your networks against external and internal attack. Manage the network perimeter. Filter out unauthorised access and malicious content. Monitor and test security controls.
What strategies are you advocating to your clients to ensure that your clients and their data are protected at all times? We'd love to hear your views. Feel free to contact us via the details below or join the conversation on our Twitter page.
Talk to us
MailGuard's partner blog is a forum to share information and we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.
Australian partners, please call us on 1300 30 65 10
US partners call 1888 848 2822
UK partners call 0 800 404 8993
We’re on Facebook, Twitter and LinkedIn.
