Cyber Security audits fulfil an important role in today’s IT environment. Whether your goal is to be compliant with standards and legislation (e.g. ISO 27001) or you need to identify risks, Greenlight Computers can add value to your audit and give you a clearer understanding of where improvements are needed.
To handle a Cyber Security audit correctly, an organisation needs to take a comprehensive and holistic approach. This entails careful planning, with an analysis of every avenue that needs to be explored at every layer of the organisation, including:
- Regulatory compliance
- Staff education and vigilance
- Telecommunication safeguarding
- Data protection
- Password policies
- Network security
- Software updates and anti-virus
- Perimeter security
It can be wise to commission a third party for your Cyber Security audit, as it will bypass the partiality of your internal staff and allow a fresh and external perspective. This is where Greenlight Computers can help, as we can assess your requirements and evaluate your situation against your pre-determined security baseline. From here our specialists can make recommendations for improvement and even perform the necessary work, with the end result always being a better security strategy for your organisation.
Here are some of the basics you should already have in place:
- Up-to-date anti-virus on every computer, even temporary contractors’ personal devices if they access your data
- Robust data backup strategy with versions in case a rollback is required
- Strong Firewall at the front of your network to minimise intrusion risk
- Strong password policies & two-factor authentication, particularly on mobile devices
- Before deploying a Cloud application ensure you understand where your data is going to be held and how it is protected.
- Ensure all staff are aware of risks & conscious of their responsibilities. This includes clauses in employment contracts to protect the company and the individual.
- 3rd party access should be registered & monitored; the 3rd parties should also be made aware of their responsibilities before being engaged.
- Established procedures for regular monitoring of your data security, an audit schedule & an up-to-date risk register.
You cannot achieve 100% security, but a conscious 90% is better than an unconscious 30%.