In June 2015, the FFIEC (Federal Financial Institutions Examination Council) published new guidance for the financial services industry specifically addressing cyber security. While the recommendations were directed to the financial sector, the information is beneficial to all businesses.
They outlined 5 steps:
1. Cyber Risk Management and Oversight
However your company or personal PC or mobile device is configured and used, you need to understand the risks. Are your passwords strong? Do you have virus protection? Is your network monitored?
2. Threat Intelligence & Collaboration
Pay attention to the news. If you hear about a threat, assume you could be affected.
3. Cyber Security Controls
Controls come in many forms: physical, logical, detective. Implement as many as is reasonable for you and your business. Restrict access to your business devices, restrict access within software systems, and monitor activity.
4. External Dependence Management
If you use a third party to support your network, have a vendor management program in place. Make sure you have completed your own due diligence of the service provider.
5. Incident Management & Resilience
Have a plan in case something does happen. Test the plan. And if needed, put the plan into action.
Here are some additional suggested websites for online safety: