User awareness and training
Make sure that your organization's ICT systems are governed by an acceptable-use security policy that users acknowledge in the company's terms and conditions. All workers need training on the cyber risks they may face and on how to counter them, for example by using strong passwords and avoiding malicious links, since many cyber incidents begin with weak passwords.

Proper handling of user privileges
Anyone granted access to an ICT system should hold only the user privileges needed to carry out his or her work. Keep the number of privileged accounts, such as database administrators, to a minimum. Always monitor user activity, particularly for accounts that hold privileges such as changing passwords and creating accounts.

Mobile and home working
Evaluate all the risks introduced by remote working, which allows devices to connect to the corporate network infrastructure, and establish appropriate security strategies. Always protect and restrict network access by using firewalls and virtual private networks (VPNs).

Removable media controls
Put in place removable media policies that regulate the information exported to or imported from such media. Where removable media cannot be avoided, restrict the types of media that may be used, the systems and users that may use them, and the types of information that may be transferred. Always use a standalone media scanner to scan data thoroughly before importing it, so that no malware enters the ICT system.

Monitoring
Create a monitoring policy and cultivate backup policies, keeping in mind the latest cyber attacks and the organization's incident management policies. Monitor inbound and outbound network traffic frequently to highlight suspicious activity that could lead to unintended sharing of data or to attacks. Use network and host intrusion detection systems (NIDS/HIDS) and intrusion prevention systems (NIPS/HIPS) to do this.
Prevention of malware
Create policies that directly address high-risk business practices such as web browsing and email. It is advisable to scan your ICT systems regularly with antivirus software to protect the organization's and clients' machines from viruses.

Incident management
Make sure you have a disaster recovery program that responds effectively to whatever incident may occur. Review your recovery and incident management plans regularly so that they do not backfire in the event of an attack. If you suspect any online disruption or crime, do not hesitate to report it to the authorities for a quick response.

Network security
Do not connect to untrusted networks such as the internet, because of the cyber attacks they expose you to. Always follow legitimate and recognized network design principles when designing the perimeter and internal network segments, and ensure the organization's devices are configured to a secure baseline build. Filter all traffic at your network perimeter to eliminate any traffic that is not needed and any suspected malware, or contact Data Analyzers for help.

Secure configuration
Implement policies and procedures to improve secure baseline builds and to bring structure and consistent practice to the ICT systems. Remove needless functions from ICT systems and keep them patched against known vulnerabilities, so that the organization is not exposed to vulnerabilities and threats.

Information risk management administration
Evaluate all the organization's risks thoroughly by establishing an information risk management administration on the premises. Inform all your employees about the risk management policies.