Five things every organisation should be doing to combat the cyber threat

1 minute read

This article has been updated with the new NCSC CiSP and Cyber Aware links. These were previously the CERT-UK CiSP and Cyber Streetwise links

In no particular order, a mix of technical and business level top cyber priorities.

1. Get informed and stay informed

Raise your security awareness by being better informed and educating yourself and staff members. Get on NCSC’s CiSP. Educate your staff members to be Cyber Aware.

2. Get the basics right

  • Use strong passwords
  • Keep your systems and software patched and up to date
  • Vulnerability scan your external IP addresses regularly (every day)
  • Read and implement the Cyber Essentials guidance and do the CES assessment

3. Use continuous security monitoring

Either look to deliver this in house or find an expert Outsource Security Provider, Managed Security Service Provider or Security as a Service Provider. The service needs to:

  • Monitor your organisation for attacks
  • Respond to the attacks on your behalf
  • Prevent an attack from becoming a breach

4. Develop an incident response plan and practice it

You need to be ready. You are either hacked already and you don’t know it or you will be hacked. That’s your starting point - so now plan how to respond and practice your response. This is not just a technical exercise; you need to get the whole business ready including PR and C-level.

5. Ensure Cyber Security is a board level issue

Do you have cyber security risk on your risk register? Is is discussed at board level? Are your senior people getting the message and are they realising Cyber is a threat to their business. If not, it needs to be.

Updated: