David Speaks: Security Assessments & Technology Policy

This week David hosted a webinar with the College of Law's Centre for Legal Innovation focussing on Security Assessments and Technology Policy to create a security-first culture in the workplace.

We have outlined below the key takeouts from the webinar, which will be available on YouTube soon:

  • Creating a security-first culture is important: even though the Board and Management are ultimately responsible, everyone plays a critical part in data security.
  • Whilst there are financial costs relating to a data breach, there are also risks to reputation and staff morale.
  • The National Institute of Standards and Technology (NIST) Cybersecurity Framework is a great basis to start from for your organisation; it complements the ISO 27001 risk management standards. The Framework is outlined in the image below.
  • Undertake a security assessment before you start on a cybersecurity journey for your organisation. This will give your organisation a benchmark and clearly set tasks and goals.
  • Know your data: what do you collect and store, who has access to it and, most importantly, how is it protected?
  • The security of physical data is just as important as digital
  • Assign responsibility for cybersecurity to 1 person
  • Make sure your internal policies align to the law, regulation and codes of conduct
  • Ensure that you have policies in place to support the cybersecurity goals. Technology Acceptable Use, Data Breach Response, Business Continuity and Disaster Recovery policies are essential.
  • And most importantly, don’t be afraid to ask for help on your cybersecurity journey.

David's cybersecurity series for 2020 continues in April with a webinar focussing on Passwords, password management tools and multifactor authentication.