NCSAM: How to secure your workplace from cyber crime

October is National Cyber Security Awareness Month (NCSAM), an annual campaign about the importance of cybersecurity in everyday life. According to the US Department of Homeland Security (DHS), NCSAM “[…] is designed to engage and educate public and private sector partners through events and initiatives to raise awareness about the importance of cybersecurity, provide them with tools and resources needed to stay safe online, and increase the resiliency of the Nation in the event of a cyber incident.”

Cyber crime is a growing issue in the US

Information security is one of the most pressing issues in the US today. Over the course of the last nine months, several high-profile organizations suffered major data breaches. The US Securities and Exchange Commission (SEC) (considered the largest US financial regulator), Deloitte, and Equifax all suffered cyber attacks that compromised personal and/or confidential data, put their reputations on the line, and raised broader concerns about information security.

Nine steps to make your work environment cyber secure

Information security affects nearly everyone. It begins in your home and extends into the workplace. All organizations are potential cyber crime targets. Here are nine steps you can take to instill a culture of cybersecurity, safeguard your information, and reduce the risk of a data breach:

  1. Make sure you have implemented an adequate information security management system (ISMS)

An ISMS consists of the policies, procedures, guidelines, resources (including IT systems), and activities that protect a company’s information. Good information security meets the requirements of customers, employees, lawyers, and regulators. It is efficient, actively maintained, and preventive, and it is also prepared for the events in which its controls fail and information is compromised.

  2. Adopt a risk management approach to information security

This point goes hand-in-hand with establishing an effective ISMS. Be aware of your information security risk profile, the range of risks that could affect your information assets, and have a solid understanding of the likelihood and/or impact of those risks.

  3. Meet basic cyber hygiene requirements with five critical controls

By adopting the five basic controls below, your organization will be able to fend off up to 80% of common cyber attacks.

  • Boundary firewalls and Internet gateways: devices designed to prevent unauthorized access to or from private networks. Whether implemented in hardware or software, they are only fully effective when configured correctly, for example by denying inbound connections by default and allowing only the services the business actually needs.
  • Secure configuration: ensuring that systems are configured in the most secure way for the needs of the organization.
  • Access control: ensuring only those who should have access to systems have access and at the appropriate level.
  • Malware protection: ensuring that virus and malware protection is installed and up to date.
  • Patch management: ensuring the latest supported version of applications is used and all the necessary patches supplied by the vendor have been applied.

If your organization is looking for a program to ensure these five controls are being met, the UK government-backed Cyber Essentials (CE) scheme is built around exactly these controls and will help you incorporate them.
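The five controls above are stated as goals rather than checks. As an added example (not code from the original post, from the Cyber Essentials scheme, or from any product), the following Python script shows how a small internal audit could evaluate a host inventory against all five. The inventory, host names, reference date, approved port list, risky-service list and shared-account names are constructed assumptions; the 14-day window for critical and high-severity patches is the Cyber Essentials requirement, and the other thresholds are example values.

```python
"""Five-control hygiene check over a constructed host inventory (added example)."""
from datetime import date

# Reference date so the results are reproducible (assumption for this example).
TODAY = date(2017, 10, 16)

# Policy parameters. 14 days for critical/high patches is the Cyber Essentials
# requirement; the remaining values are example thresholds, not from the post.
PATCH_WINDOW_DAYS = 14
SIGNATURE_MAX_AGE_DAYS = 7
ALLOWED_INBOUND_PORTS = {22, 443}
RISKY_SERVICES = {"telnetd", "vsftpd", "rsh"}
SHARED_ADMIN_NAMES = {"admin", "administrator", "root"}

# Constructed sample inventory: two hypothetical hosts, not real systems.
INVENTORY = [
    {
        "host": "web-01",
        "firewall": {"enabled": True, "default_inbound": "deny", "open_ports": [22, 443]},
        "services": ["sshd", "nginx"],
        "default_credentials": False,
        "users": ["alice", "bob", "deploy"],
        "admins": ["alice"],
        "malware_protection": {"installed": True, "signatures_updated": "2017-10-15"},
        "packages": {
            "openssl": {"installed": "1.1.0g", "latest": "1.1.0g",
                        "severity": "high", "released": "2017-10-05"},
        },
    },
    {
        "host": "file-02",
        "firewall": {"enabled": True, "default_inbound": "allow", "open_ports": [21, 445]},
        "services": ["vsftpd", "smbd"],
        "default_credentials": True,
        "users": ["carol", "admin"],
        "admins": ["carol", "admin"],
        "malware_protection": {"installed": True, "signatures_updated": "2017-09-01"},
        "packages": {
            "samba": {"installed": "4.6.2", "latest": "4.6.8",
                      "severity": "critical", "released": "2017-09-20"},
            "vim": {"installed": "8.0.1", "latest": "8.0.2",
                    "severity": "low", "released": "2017-10-14"},
        },
    },
]


def check_firewall(h):
    """Control 1: boundary firewall enabled, default-deny inbound, only approved ports open."""
    findings, fw = [], h["firewall"]
    if not fw["enabled"]:
        findings.append("firewall: not enabled")
    elif fw["default_inbound"] != "deny":
        findings.append("firewall: default inbound policy is not deny")
    for port in sorted(set(fw["open_ports"]) - ALLOWED_INBOUND_PORTS):
        findings.append(f"firewall: unapproved inbound port {port}")
    return findings


def check_secure_configuration(h):
    """Control 2: no default credentials, no insecure or unneeded services."""
    findings = []
    if h["default_credentials"]:
        findings.append("config: default credentials still in use")
    for svc in sorted(RISKY_SERVICES & set(h["services"])):
        findings.append(f"config: insecure/unneeded service running: {svc}")
    return findings


def check_access_control(h):
    """Control 3: admin rights belong to named, known individuals only."""
    findings = []
    for acct in h["admins"]:
        if acct in SHARED_ADMIN_NAMES:
            findings.append(f"access: shared/generic admin account '{acct}'")
        if acct not in h["users"]:
            findings.append(f"access: admin '{acct}' has no corresponding user record")
    return findings


def check_malware_protection(h):
    """Control 4: protection installed and signatures recently updated."""
    mp = h["malware_protection"]
    if not mp["installed"]:
        return ["malware: no protection installed"]
    age = (TODAY - date.fromisoformat(mp["signatures_updated"])).days
    return [f"malware: signatures {age} days old"] if age > SIGNATURE_MAX_AGE_DAYS else []


def check_patch_management(h):
    """Control 5: every missing vendor patch listed; critical/high past the window marked OVERDUE."""
    findings = []
    for name, pkg in sorted(h["packages"].items()):
        if pkg["installed"] == pkg["latest"]:
            continue
        age = (TODAY - date.fromisoformat(pkg["released"])).days
        overdue = pkg["severity"] in ("critical", "high") and age > PATCH_WINDOW_DAYS
        status = "OVERDUE" if overdue else "pending"
        findings.append(f"patch: {name} {pkg['installed']} -> {pkg['latest']} "
                        f"({pkg['severity']}, {age} days, {status})")
    return findings


CHECKS = [check_firewall, check_secure_configuration, check_access_control,
          check_malware_protection, check_patch_management]


def assess(inventory=INVENTORY):
    """Return {host: [findings]}; an empty list means all five controls pass on that host."""
    return {h["host"]: [f for check in CHECKS for f in check(h)] for h in inventory}


def overdue_patches(report):
    """Findings that breach the patch window, the ones to escalate first."""
    return [f for fs in report.values() for f in fs if f.endswith("OVERDUE)")]


if __name__ == "__main__":
    for host, findings in assess().items():
        print(host, "PASS" if not findings else "FAIL")
        for f in findings:
            print("  -", f)
```

In practice the inventory would be fed from configuration management or endpoint tooling rather than hard-coded, but the check logic (default-deny verification, a dated patch window, a signature-age limit and a ban on shared admin accounts) is the part that turns the five control names into something an auditor can run and an owner can be held to.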

  4. Implement suitable education and awareness training

Training should impart knowledge of the information security policy and procedures while encouraging their daily practice. Make cybersecurity a topic of frequent discussion at all levels. Hold tabletop exercises to test business continuity procedures.

  5. Hold every person accountable

The more employees know about workplace cybersecurity policies (including the consequences of a data breach), the better equipped they are to meet those policies’ requirements. Make sure all employees are security-aware, and encourage individual accountability for access and privacy.

  6. Make physical information security a part of your strategy

Safeguard the physical work environment. Keep unauthorized people out of your secure perimeter. Make sure documents are protected while in use and securely destroyed when no longer needed. Secure your desktops, portable devices, and workstations.

  7. Know your company’s incident reporting procedure

Your organization should have an incident reporting procedure and business continuity plan. Make sure you know who the information security manager is and what to do when something goes wrong.

  8. Conduct an information security audit

Assess your information security posture from a technical, physical, and administrative perspective. If you have an existing information security management system (ISMS), make sure that it is working as it should be. When in doubt, call in experts to conduct an audit on your behalf.

  9. Obtain accredited certification to ISO 27001

ISO 27001 is the internationally recognized standard that defines the requirements for an organization’s ISMS. Whatever its size, structure, sector, or technology, any organization can adopt ISO 27001 to improve its information security.

Follow our NCSAM blog series and learn how to secure your organization from cyber crime. Register to receive our Daily Sentinel and get up-to-date news and information.