IT PROVISION AND CONTROLS – CHECKLIST
IT Provision
- Is your IT provider able to give you the confidence that they are proactively capable of tackling Cyber Threats on your behalf?
- Work with your IT support provider to develop a joint Cyber Attack prevention plan
- Ask your IT provider to show you evidence of their own Cyber Prevention approaches
- Has your IT provider been audited, can they give you assurances of their own policies and procedures?
Physical Security
- Ensure that personal information is kept securely including in a physical environment.
- Sign in and sign out paper files and removable media.
- Destroy / Shred all paper where the personal data has been saved to systems.
- Control those who may operate within your business temporarily
- Only give access to staff who need access to certain areas of the business, including locked areas of the business.
Controls
- Limiting remote access – Only allow access where it is genuinely needed for their role
- Physical access – Ensure you are able to track who is on the premises at all times.
- Passwords protocol – rigidly enforce and consider employing password-generating software
- Mobile device/removable media policy – Educate employees on best practices,
- Identity and access management (IAM): What processes have you in place to monitor who has access and why?
- Multi-factor or password-less authentication: adopt where available
- Upgrades occur at the same time across the business
- Access controls: automate and streamline access management and policy enforcement.
- Monitoring and auditing – Audit your controls and security
- Appoint someone to oversee the adoption of controls.
Common threats
- Become familiar with the terms (ransomware, malware, phishing, etc.) and ensure your staff are trained and retrained at regular intervals so understanding of the dangers remains.
Breaches
- There should be a written down approach to the business; an approach to dealing with the threat of a cyber-attack.
- When one occurs Respond swiftly and promptly
- Redress what you are able to within the existing policy/process
- Have transparent record-keeping showing clearly breaches and remedial actions taken including future event prevention.
Our Cyber Security Month is Supported By Our Sponsors
Beyond Encryption is the industry standard for secure digital communications, working with major household brands such as Aegon, HSBC, Royal London, Origo, Paragon Customer Communication and Westcoast Cloud.
We’ve built the world’s most secure encrypted communications network, protecting and connecting advisers, providers and platforms throughout financial services and other aligning industries with our secure email solution, Mailock.
Mailock is our versatile software platform, enabling organisations to send customer communication securely via email. Mailock protects sensitive data through end-to-end encryption and multi-factor authentication capabilities, helping our customers to remain compliant, reduce costs, and improve operational efficiencies – not to mention achieving a positive environmental impact through the reduction of print, pack, and post.
With nearly 100,000 customers across 1.8k companies, we give organisations the freedom to exchange information confidently, cost-effectively, and with full compliance, supporting businesses on their digital transformation journey.
Westcoast Cloud are a pureplay cloud distribution partner, enabling over 750 partners to make the most of public cloud services, and the associated security that is needed to support their use.
From email security, anti-phishing software for Microsoft365, to advanced tools and security for Microsoft Azure, we educate and train partners to be able to provide the best-in-class Microsoft security solutions to over 34,000 end user customers.
Alongside these tools we partner with best in breed solutions such as Beyond Encryption. This ensures markets that need that extra layer of security such as financial services and legal organisations, can stop potential attacks and disrupters accessing your customer information without your knowledge. With Beyond Encryptions advanced toolset, customers can control, manage, and maintain the security layers around their emails to ensure that the right information is reaching the right people all the time.
