For many companies, their IT Management Plan is either non-existent or disjointed. From cyber security to managed print services there is a need for communication to ensure everyone knows the plan and what they should do in case of emergency or another type of IT security incident. Whether it is in its infancy or a mature document, it needs to be reviewed regularly to ensure it is working effectively in line with your business goals.
Does your staff know how to identify a phishing attack, do they know how to deal with a slow or unresponsive computer? Are they allowed to take their laptop home but don’t have encryption on it or on any USBs they use? Are they told how to store their laptop in the car if they pop into the shops on way to office or home e.g. in the boot? Have the contents of the plan changed over the years and if yes, has this been communicated out to staff? If it has not been changed, is it still relevant?
Forming part of your IT Management Plan, your Cyber Security Plan should lay out the way in which you will keep your data and devices safe from internal and external attacks or, as is more often the case, human error. Depending on the type of business you have you may want to look at some of the following however this is not a comprehensive list.
- Access – who needs it and what do they really need access to?
- Facility Security
- Incident Response and Reporting
- Mobile Devices
- Network Security
- Operational Security
- Payment Cards
- Policy Development, Management
- Privacy and Data Security
- Scams and Fraud
- Website Security
- Do you regularly change passwords when staff leave for computers, facilities, and other access points?
If you need help compiling your plan or if you would like us to review your current systems and security levels, call us on 0333 241 2544 or visit our Cyber Security page on our website https://www.gnctechnology.co.uk/it-services/cyber-security/