As you may have noticed by now, we feel there needs to be a bigger conversation when it comes to securing your company’s information. Cyber tools, when properly deployed, can help protect against certain technically-related risks, but they don’t address the other areas where risks commonly present themselves, through the day-to-day operations of a business. These areas are just as important to address as cyber security.
We have prepared the list below which we hope you find helpful:
|What Cyber tools will not do||What to do about it|
|1. Determine if your suppliers are creating additional risks.||Develop a method for assessing suppliers, both new and old. If you don’t get the answers you like, put pressure on them or it may be time to change suppliers.|
|2. Provide company specific guidance on what staff can and cannot do with company owned assets such as email, phones and laptops.||Have everyone sign an acceptable use policy which clearly states acceptable and unacceptable use of company assets, responsibilities in protecting information, the consequences of failing to do so, and who to contact if they have questions.|
|3. Teach your staff the risks that they can help control.||Identify staff awareness training resources. A mixture of generic e-learning and company specific quizzes, a couple of times per year, will help ensure continuity of awareness.|
|4. Help your business recover from a disaster.||If you have a plan, review it and update it as required. If you don’t have a plan, you really should create one!|
|5. Prepare your business on how to respond to an Incident, such as ransomware.||If you have an incident response procedure, review it and update it as needed. If you don’t have a plan, start making one.|
If you would like to learn more about a comprehensive information security program and discuss if your business should be looking beyond cyber security, feel free to reach out to us through one of the following methods:
- To contact our MD: Send an email to firstname.lastname@example.org
- To contact our Information Security Manager: Send an email to email@example.com
- Click here to submit a request for us to call back.