The 7 most important areas to have organised for your cyber security
Today, cyber security is a field that all organisations, regardless of their scope of practice, must take seriously and prioritise. Although no one can be 100 % protected from cyber-attacks, it is possible to implement preventive measures based on established practice and thereby decrease the attack surface.
By using the checklist below, you can gauge your company’s cyber security level. The checklist summarises the questions that we at SRS Security regard as critical to ensuring satisfactory protection against cyber-attacks. The checklist consists of seven items and, if you answer no to any of the questions below, we strongly recommend that you take measures in the respective area immediately.
Does the organisation have an information and/or IT security policy that sets out which information is worth protecting and how information should be classified and handled in order to be protected? If yes, does the policy also describe how the organisation’s computers and phones may be used for private purposes and which software is allowed on them?
Has the organisation clarified its most serious IT security risks based on its operational context, current vulnerabilities, and threat actors?
Has the organisation presented to the board the possible consequences of different IT security risks for its reputation, potential stock market value and continued existence?
Is up-to-date IT security and awareness training given to new employees when they are recruited and periodically afterwards?
Does the organisation have someone responsible for IT security?
Does the person responsible for IT security make certain that intelligence is gathered on vulnerabilities in software and hardware, and on leaks of the organisation’s e-mail addresses and usernames?
Does the person responsible for IT security ensure that security updates are installed as quickly as possible, and that high-risk updates are installed within 48 hours?
SRS Security has also created a scorecard for organisational and technical cyber security actions. It can be used to identify the acceptable level for your cyber security and as a reference for recognising the areas to rectify in order to enhance cyber security.
Our scorecard consists of 18 items, and when these are addressed, 95 % of all opportunistic attacks are avoided. To resist, discover and handle targeted attacks, one should complement the scorecard with an up-to-date check of IT security and potentially also conduct a system review of business-critical systems or an intruder simulation (“red team”).
With broad expertise in information and cyber security, the security company SRS works proactively to increase your security in the digital space by mapping out your unique security values, identifying threats and vulnerabilities, and helping you to take tailored security measures that minimise your risks. Our cyber security experts can support you with, for example, investigations, forensics and system reviews. We also offer services such as phishing or candy drop tests, which assess your staff’s security awareness.