This article has been updated with the new NCSC CiSP and Cyber Aware links. These were previously the CERT-UK CiSP and Cyber Streetwise links.
In no particular order, a mix of technical and business-level top cyber priorities.
1. Get informed and stay informed
2. Get the basics right
- Use strong passwords
- Keep your systems and software patched and up to date
- Vulnerability scan your external IP addresses regularly (every day)
- Read and implement the Cyber Essentials guidance and do the CES assessment
3. Use continuous security monitoring
Either deliver this in-house or find an expert Outsource Security Provider, Managed Security Service Provider or Security as a Service Provider. The service needs to:
- Monitor your organisation for attacks
- Respond to the attacks on your behalf
- Prevent an attack from becoming a breach
4. Develop an incident response plan and practise it
You need to be ready. You are either hacked already and you don’t know it or you will be hacked. That’s your starting point - so now plan how to respond and practise your response. This is not just a technical exercise; you need to get the whole business ready, including PR and C-level.
5. Ensure Cyber Security is a board-level issue
Do you have cyber security risk on your risk register? Is it discussed at board level? Are your senior people getting the message, and are they realising Cyber is a threat to their business? If not, it needs to be.