A Five-Step Cybersecurity Program
While cybersecurity is, or should be, everyone’s concern, the complexities can be daunting. Technical details are best left to professionals, but there are basic steps everyone can take. Zurich Insurance has posted their five-step program at https://youtalk-insurance.com/news/zurich/5-steps-to-a-better-cybersecurity-programme?:
- Take a complete inventory of IT assets. This includes a complete and accurate network diagram and a ledger of all devices connected to your network. Needless to say, the inventory should be updated when systems or devices are added or removed.
- Have a vulnerability management and patching program. Know the status of each device and run automated scans of the entire network at least monthly. Apply patches as quickly as possible to lessen the chance that hackers will take advantage of a vulnerability.
- Conduct an awareness and training program for users. It cannot be emphasized too strongly that users are the weak link in cybersecurity. Educate them on avoiding social engineering scams and on safe browsing. Teach them to use strong but easily remembered passwords. Have an acceptable use policy.
- Monitor information assets on a continuous basis. Most devices generate data reports which can alert administrators to suspicious activity. If in-house staff does not have the expertise, use a third-party security monitor.
- Have an incident response plan. Assume something will go wrong. The plan should address possible contingencies and who will respond internally and externally. Practice on a regular basis.
These are the basics. Contact your cyber insurer for assistance in putting them into practice.
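Steps one and two can be checked against each other: the asset ledger should match what is actually on the network, and every ledger entry should have a recent scan. The following is an added example, not part of the original article or Zurich's program; the ledger layout, device names, MAC addresses and the 31-day reading of "at least monthly" are all assumptions made for illustration.

```python
from datetime import date

MAX_SCAN_AGE_DAYS = 31  # assumption: "at least monthly" read as 31 days

# Constructed sample ledger, keyed by MAC address (step 1: inventory).
LEDGER = {
    "00:11:22:33:44:01": {"name": "file-server", "last_scan": date(2024, 5, 28), "patches_pending": 0},
    "00-11-22-33-44-02": {"name": "front-desk-pc", "last_scan": date(2024, 4, 2), "patches_pending": 3},
    "00:11:22:33:44:03": {"name": "old-printer", "last_scan": None, "patches_pending": 0},
}
# Constructed sample of MAC addresses seen by a network discovery sweep.
DISCOVERED = {"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:99"}


def normalize(mac):
    """Use one MAC notation so ledger and sweep entries compare equal."""
    return mac.strip().lower().replace("-", ":")


def reconcile(ledger, discovered, today):
    """Compare the ledger with the sweep and flag stale scans and open patches."""
    ledger = {normalize(mac): rec for mac, rec in ledger.items()}
    seen = {normalize(mac) for mac in discovered}
    report = {
        # On the wire but not in the ledger: inventory is incomplete.
        "unknown_on_network": sorted(seen - set(ledger)),
        # In the ledger but not seen: removed, powered off, or ledger is stale.
        "in_ledger_not_seen": sorted(set(ledger) - seen),
        "scan_overdue": [],
        "patches_pending": [],
    }
    for _mac, rec in sorted(ledger.items()):
        last = rec["last_scan"]
        # A device that was never scanned counts as overdue (step 2).
        if last is None or (today - last).days > MAX_SCAN_AGE_DAYS:
            report["scan_overdue"].append(rec["name"])
        if rec["patches_pending"] > 0:
            report["patches_pending"].append(rec["name"])
    return report


if __name__ == "__main__":
    for finding, items in reconcile(LEDGER, DISCOVERED, date(2024, 6, 1)).items():
        print(f"{finding}: {items}")
```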