GTB IT Solutions

How to keep your organisation cyber-safe

September 15th, 2025

Governance and Management:

  1. make sure you have an up-to-date list that identifies:

    • what information you keep where

    • how bad it would be if that information were published or destroyed

  2. make sure you take all practicable steps to keep that information safe using the Policies, Tools and Staff Empowerment outlined below, and remember GTB can help you with this.

  3. have a plan for what to do if that information is leaked or damaged.

 

Policies and Tools:

Not all will be cost-effective for small/medium businesses, but items 1, 2 & 3 are strongly recommended for every organisation, no matter how small or large.

  1. Make sure all your PCs, notebooks and servers have modern, monitored “Endpoint Detection and Response” protection in place

  2. Take steps to get rid of any personally identifiable information that you don’t need

  3. Make sure all your staff know and respect the steps they need to follow to keep your company cyber-safe

    ------- "advanced" from here down ---------

  4. Strict firewalls, upgraded to control outbound as well as inbound traffic

  5. Lock out USB drives from all company computers as this is a significant vector for malware

  6. Lock out unauthorised software from all company computers

  7. Frequently check that company data has appropriate sharing and security settings – old shares need to be cleaned up, etc.

  8. Penetration testing and security drills

 

Staff Empowerment: People, Passwords and Phishing

  1. Train your WHOLE team to know:

    • that cyber threats can destroy or badly damage your company

    • why every password must be unique

    • how and why always to use Multi Factor Authentication for any important account, especially those with personally identifiable information*

    • how and why to use a password manager so life does not get spent endlessly entering passwords

    • how to recognise and know what to do when a dodgy email arrives, or a dodgy phone call, or a dodgy meeting request

* 2FA is "kind of" possible to implement for Medtech Evolution, as it is not built into the application and has to be “wrapped around” the application by enforcing 2FA for Windows login.
