Always change your password from the default set by administrators;
Never use details that are readily available;
Make it complex – use SYMBOLS, LETTERS and CAPITALS.
Use caution when clicking on links;
Know what you’ve posted about yourself;
Make sure your privacy settings are set to protect you;
Be selective about who you accept as friends;
Assume everything you put on social networking sites is permanent.
If your organisation allows home working, make sure you have:
Tracking and Wiping capability;
Pins and passwords.
If any devices are stolen, make sure the theft is reported to risk owners.
EDUCATION AND AWARENESS
Effective education and awareness campaigns will increase Cyber Security and information knowledge within the organisation, creating an environment that is aware of the threats and understands what best practice and policy to follow to reduce the risks.
Ensure all removable media is encrypted;
Limit the types of removable media accepted on your systems;
Put a policy in place to control the use of removable media.
PROTECT YOUR COMPUTER
Use anti-virus software and keep it up-to-date;
Keep all your software up to date;
Check your security settings;
Be careful of opening email attachments.
USER ACCESS AND MONITORING
Control and manage access to critical information;
Consider vetting to grant access;
Identify irregular behaviours and activity.
USING THE CLOUD
Choose an organisation that is able to sufficiently guarantee its security policies and procedures;
Ensure contracts are in place to maintain the integrity, confidentiality and availability of your information;
Know where and how data is being stored and who is liable or responsible for that data.
Install and maintain a firewall;
Always update protection software and applications;
Undertake a penetration test (from a trusted source).
INFORMATION RISK MANAGEMENT
Who is responsible for risk? The board is responsible for driving Information Risk Management from the top down to ensure efficient compliance.
Allocate your security responsibilities. Ensure individuals know who is responsible for security within the organisation;
Identify information that is critical to achieving business objectives. Understand how much risk your organisation is taking with that information;
Introduce a policy so that the risks can be managed.