Cyber Security Plan – Why do you need one?
Does your business have a Cyber Security Plan?
Do you realize you need one?
Every business should put in place a plan to defend itself against cyber threats, as everyone will experience them. If you suffer a breach, under GDPR it is understood that no system is watertight. However, a business would be expected to show it had taken reasonable measures for protection if it was not to fall foul of the Information Commissioner's Office.
-
First Step
Senior management must appoint people to organise the plan and provide the necessary budget and resources.
-
Risk Assessment
The business must then identify the likely threats and prioritize them. Prioritization is based on the likelihood of the risk occurring and the damage a breach would cause. Obviously, those that would cause the most damage will be prioritized.
-
Defences
Prepare a list of the defences you will use to get the maximum effect from your budget. Some issues you will be able to deal with yourself. Other threats will require advice from an expert on how best to act.
-
Passwords
Make sure every employee is aware of the need to have a complex, unique password, to change it regularly and not to disclose it to anyone else. They should know the personal consequences of non-compliance, as it will be a breach of GDPR. Strong passwords reduce the risks from outsiders and insiders looking to cause trouble.
-
Two-Factor Authentication
This doubles the security on the system. In addition to the password, the user needs a code, perhaps sent to a mobile, for that occasion only. This takes extra work to set up but is worth the effort.
-
Need to Know Access
Under GDPR a business must limit access to data to those employees who need it to do their own job. The days of general access are over. The fewer people who know the information, the lower the risk of damage or breach. It also reduces the number of targets for outsiders.
-
Cyber Attacks
Some things will always be outside the control of even the best-prepared business. Huge companies with large resources are hacked and data stolen. There are highly skilled individuals out there who will do whatever it takes to steal data. Technology can unexpectedly fail. An employee can make an error. The business must be prepared for the worst. Everything must be backed up off site. A procedure must be put in place to minimize any breach or problem once discovered, rather than making it up as you go along. Be prepared.
If you need any advice please contact anne@barkleylegal.co.uk