Back to Basics
Test your response plan — it is not good enough if the response plan is only used when required. Document issues and adjust the response plan if it fails to deliver.
Keep it simple
Where can staff find the recovery plan?
Prevention is better than cure
Availability—users should be able to access information or systems when needed
Integrity—data should be intact, accurate and complete, and IT systems must be kept operational and maintained
Confidentiality—only individuals with the correct level of authorisation can access data and information assets
Authority and access control policy
How can information be accessed?
Who has authority to share information, and what level of information can be shared?
Securely store backup media (HDD), or move backup to secure cloud storage.
Encrypt data backups
Move data to secure cloud storage repositories with the appropriate encryption levels according to industry best practices
Level of encryption, a firewall, anti-malware, anti-virus protection.
All computing devices must be secured with a password-protected screensaver with the automatic activation feature set to 10 minutes or less. You must lock the screen or log off when the device is unattended.
Make employees responsible for noticing, preventing and reporting any attacks or suspicious activities
Provide training to inform employees of your security procedures, mechanisms and their security responsibilities, including data protection measures, access protection measures, and sensitive data classification
Acceptable Use Policy
Inappropriate use exposes Company to risks including virus attacks, compromise of network systems and services, and legal issues.
Create rules to protect the employee and Company