This week David hosted a webinar with the College of Law's Centre for Legal Innovation focussing on Security Assessments and Technology Policy to create a security first culture in the workplace.

We have outlined below the key takeouts from the webinar, which will be available on YouTube soon:

• Creating a security first culture is important, even though the Board and Management are ultimately responsible, everyone plays a critical part in data security. 
• Whilst there are financial costs relating to a data breach, there are also reputational risks and staff morale
• The National Institute of Standards Technology (NIST) Cybersecurity Framework is a great basis to start from for your organisation, it complements ISO27001 risk management standards. The Framework is outlined in the image below.
• Undertake a security assessment before you start on a cybersecurity journey for your organisation. This will give your organisation a benchmark and clearly set tasks and goals
• Know your data – what do you collect, store and who has access to it and most importantly, how is it protected?
• The security of physical data is just as important as digital
• Assign responsibility for cybersecurity to 1 person
• Make sure your internal policies align to the law, regulation and codes of conduct
• Ensure that you have policies in place to support the cybersecurity goals, Technology Acceptable Use, Data Breach Response, Business continuity and disaster recovery are essential
• And most importantly, don’t be afraid to ask for help on your cybersecurity journey.

David's cybersecurity series for 2020 continues in April with a webinar focussing on Passwords, password management tools and multifactor authentication.