Make sure your staff have security training regularly and understand the importance of good cyber security practice.
Get your staff to:
1. Change their passwords regularly and never use old passwords
2. Never use the same password for different online accounts
3. Use Two Factor Authentication (2FA) such as linking an account to a mobile or cell phone
4. Use strong passwords with a mix of numbers, symbols, upper and lower case letters, and use a password manager or, if they can’t remember them, write them down on paper somewhere safe without obviously referencing what it is used for
5. Choose security questions and answers that can not be easily guessed by someone else
6. Use the latest Threat Intelligence to automatically detect unpatched hardware and software to avoid a Data Breach.
7. Avoid Phishing Scams by not clicking on suspicious email links or open attachments in emails sent by someone you don't know. If something sounds too good to be true, it probably is, don't click on it!
8. Ensure all software, including anti-virus software, is kept current on all computers, servers and devices
9. Keep backup networks separate from the primary one and store backups in a separate location
10. Implement restricted administrative privilege
11. Develop business continuity and incident response plans
12. Never, under any circumstances, use a public network for financial transactions
13. Use Data Privacy Management Software including Data Discovery, to understand what data you have, what it is used for and whom you share it with. Then establish how the Data is stored, backed up and secured
14. Use reputable Third Party Risk Management Software to perform Vendor Management
15. Encrypt all data on fixed and mobile assets
16. Never upload data without password protection
Published 18 June 2020
Last Modified 19 February 2021