Involving Top Management
- Appoint an information security officer.
- Identify your ICT risks and safeguard your business for the future.
- Be aware of cyber threats and vulnerabilities in your networks.
Raise Staff Awareness of Cyber Risks
- Get users to subscribe to your code of conduct.
- Periodically remind users that information must be treated as sensitive and with respect for privacy rules.
- Inform users how to recognize phishing (e-mail fraud) and how to respond.
Publish a corporate security policy and a code of conduct
- Create and apply procedures for the arrival and departure of users.
- Plan and execute security audits.
- Develop and distribute a code of conduct for using ICT.
Backup all information
- Make daily backups of your important data.
- Select your own or cloud-based backup solutions.
- Store backups offline and in a separate place (at a distance from their source if possible).
Manage access to your computers and networks
- Change all default passwords.
- No one works with administrator privileges for daily tasks.
- Passwords must be longer than 10 characters, combine several character types, and be changed periodically or whenever there is any suspicion of compromise.
Secure workstations and mobile devices
- Automatically lock workstations and mobile devices when unused.
- Laptops, smartphones or tablets are never left unattended.
- Disable autorun functions from external media.