In June 2015, the FFIEC (Federal Financial Institutions Examination Council) published new guidance for the financial services industry specifically addressing cyber security. While the recommendations were directed at the financial sector, the information applies to all businesses.
They outlined five steps:
1. Cyber Risk Management & Oversight
However your company's or your personal PC or mobile device is configured and used, you need to understand the risk. Are your passwords "strong"? Do you have virus protection? Is your network monitored?
2. Threat Intelligence & Collaboration
Pay attention to the news. If you hear about a threat, assume it could affect you too.
3. Cyber Security Controls
Controls come in many forms: physical, logical, and detective. Implement as many as is reasonable for you and your business. Restrict access to your business devices, restrict access within software systems, and monitor activity.
4. External Dependency Management
If you use a third party to support your network, have a vendor management program in place. Be sure you have completed your own due diligence on the service provider.
5. Incident Management & Resilience
Have a plan in case something does happen. Test the plan. And if needed, execute the plan.