For cyber risk to be adequately addressed, cyber security strategies should be secure, vigilant and resilient. Identifying the risks is a good place to begin.
- Sensitive information on the walls and left uncovered on desks
- Sharing passwords/passwords kept in easy to find places
- Unlocked computers
- Document disposal is not secure
- Unsecured networks
- People overhearing discussions or viewing sensitive information
- Documents left lying around
- Use of personal social media accounts may create a risk
On The Move Risks
- Discussing sensitive information in public areas
- Your security pass is easily accessible/visible to the public
- Equipment is left unattended even for a brief moment
- Sensitive documents are in clear view of onlookers
Get Technical – protect company equipment:
Malware protection: install anti-virus solutions on all systems. Consider restricting access to inappropriate websites to lessen the risk of being exposed, and consider creating a policy governing when and how security updates should be installed.
Network security: increase protection of your networks, including wireless networks.
Secure configuration: maintain an inventory of all IT equipment and software.
Managing user privileges: restrict employees and third-party access to IT equipment, IT systems and information to the minimum required.
Home and mobile working, including use of personal devices for work: ensure that sensitive data is encrypted when stored or transmitted online so it can only be accessed by authorised users.
Removable media: restrict the use of removable media such as USB drives and protect any data stored on such media to prevent data being lost and malware from being installed.
Monitoring: monitor use of all equipment and IT systems, collect activity logs, and ensure that you have the capability to identify any unauthorised or malicious activity.
Ensure the correct policies on home working and remote working are rolled out to employees. These policies will detail how the employee is responsible for mitigating the risks when working from home or on the move.
Training can also be rolled out to educate employees on the risks, the signs of potential breaches and how to mitigate these, for example, how to conduct their business when working in exposed public places.
Make sure HR works closely with IT to incorporate appropriate IT training and schedule regular IT ‘check ups’ for employees' workplace devices.
We hope you enjoyed our article. Look out for tomorrow’s blog: “Cyber security – How HR can help”.
Get in touch and let HR Revolution run through a GDPR audit to see where and how quickly changes can be implemented.