This week David hosted a webinar with the College of Law's Centre for Legal Innovation focussing on Security Assessments and Technology Policy to create a security first culture in the workplace.
We have outlined below the key takeouts from the webinar, which will be available on YouTube soon:
- Creating a security-first culture is important: even though the Board and Management are ultimately responsible, everyone plays a critical part in data security.
- Whilst there are financial costs relating to a data breach, there are also reputational risks and impacts on staff morale.
- The National Institute of Standards and Technology (NIST) Cybersecurity Framework is a great basis to start from for your organisation, and it complements ISO27001 risk management standards. The Framework is outlined in the image below.
- Undertake a security assessment before you start on a cybersecurity journey for your organisation. This will give your organisation a benchmark and clearly set tasks and goals.
- Know your data: what do you collect and store, who has access to it and, most importantly, how is it protected?
- The security of physical data is just as important as that of digital data.
- Assign responsibility for cybersecurity to 1 person
- Make sure your internal policies align to the law, regulation and codes of conduct
- Ensure that you have policies in place to support the cybersecurity goals. Technology Acceptable Use, Data Breach Response, and Business Continuity and Disaster Recovery policies are essential.
- And most importantly, don’t be afraid to ask for help on your cybersecurity journey.
David's cybersecurity series for 2020 continues in April with a webinar focussing on Passwords, password management tools and multifactor authentication.