Effective risk management will go a long way to protecting a business. Business leaders, or those tasked with the function of risk management, need to first understand their exposures before they can put in adequate controls. Risk management is a continuous process that at no point can be considered complete.
The National Cyber Security Centre (NCSC) has published 10 Steps to Cyber Security, which are:
- Set up your risk management regime - Assess the risks to your organisation’s information and systems with the same vigour you would for legal, regulatory, financial or operational risks. To achieve this, embed a Risk Management Regime across your organisation, supported by the Board and senior managers.
- Network security - Protect your networks from attack. Defend the network perimeter, filter out unauthorised access and malicious content. Monitor and test security controls.
- User education and awareness - Produce user security policies covering acceptable and secure use of your systems. Include in staff training. Maintain awareness of cyber risks.
- Malware prevention - Produce relevant policies and establish anti-malware defences across your organisation.
- Removable media controls - Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing onto the corporate system.
- Secure configuration - Apply security patches and ensure the secure configuration of all systems is maintained. Create a system inventory and define a baseline build for all devices.
- Managing user privileges - Establish effective management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity. Control access to activity and audit logs.
- Incident management - Establish an incident response and disaster recovery capability. Test your incident management plans. Provide specialist training. Report criminal incidents to law enforcement.
- Monitoring - Establish a monitoring strategy and produce supporting policies. Continuously monitor all systems and networks. Analyse logs for unusual activity that could indicate an attack.
- Home and mobile working - Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline and build to all devices. Protect data both in transit and at rest.
Specialist cyber crime and fraud insurance
With the Cyber Crime and Fraud Insurance that's right for your business, you can rest assured that your protection includes:
- Data recovery support in the event of a breach
- Extortion cover if a hacker tries to hold you to ransom
- Business interruption cover to keep you going after a cyber attack
- Payment of costs associated with regulatory investigations
- Cover for claims for damages against your business
Get a cyber crime and fraud insurance quote
For more information, to discuss your particular cyber and data security requirements or to get a quote, simply contact Towergate on:
About the author
Mark Brannon Cert CII is a respected industry leader with over 17 years’ industry experience in a variety of roles within the business insurance sector. He works across a wide spectrum of insurance product and policy development, delivery and optimisation for clients, including claims, insurer relationships, marketing and communications, and risk management.
For more information or for a full review of your insurance needs, please see our insurance specialisms, contact your usual Towergate Insurance Brokers adviser or email TIB@towergate.co.uk.
The information contained in this bulletin is based on sources that we believe are reliable and should be understood as general risk management and insurance information only. It is not intended to be taken as advice with respect to any specific or individual situation and cannot be relied upon as such. If you wish to discuss your specific requirements, please do not hesitate to contact your usual Towergate Insurance Brokers adviser.