This document outlines steps organizations can take to improve cybersecurity and protect against threats. It recommends that security become part of an organization's culture through clear communication of risks. It also stresses the importance of identifying critical assets, policies, compliance, and response plans to manage cyber risks. Regular testing of incident response plans is advised to minimize potential damage from threats. Basic steps outlined include using antivirus software, firewalls, data backup, encryption, and security policies for mobile devices.

1. Security must become a part of the organization’s culture.
Cyber security and profitability goals need to be closely aligned and clearly
communicated by elevating the conversation and educating staff about risks
affecting the business..
Evaluate and manage cyber security threats.
Identify critical assets and the financial, competitive, reputational and or
regulatory impact and exposure to the organization. Identify and develop
policies and strategies to manage cyber risks to an acceptable level.
Implement a risk based approach, compliance alone isn’t enough.
A risk based approach will produce a comprehensive and cost effective
management of cyber risks than compliance activities alone. Compliance
requirements help to establish a good cybersecurity baseline to address
known vulnerabilities.
Cybersecurity is NOT implementing a checklist of requirements – it’s day to
day policies and procedures that are the strategic framework of the
organization. Managing these threats is constant and ever changing.
Response Plans and Procedures.
Incident response plans must be tested regularly to enable timely response
and minimize potential damage. Identify strategic threats by analyzing,
aggregating, and integrating risk data from various sources and sharing
insights with partners in order to improve the security framework.
Many small businesses run a large part of their business
over the Internet without any security features. Being
online opens the door to potential risks and rewards. This
document provides an overview on how to protect your
organization’s information and networks in event of a
cyber-attack.
Simple safe steps are provided to educate your
staff about information security practices.
The SMLR Group is a full service
cyber security/risk assessment-
consulting firm, specializing
in: Privacy Audits, Standardized
Vendor Compliance Audits
(SVCA), Privacy Policies, Written
Information Security Plans, and
Data Breach Defensible Response
Consultation.
SMLR Group, Inc.
http://www.smlrgroup.com
Simple, Safe Steps to Cyber Security
Creating A Secure Network
SOURCE
The Department of Homeland
Security (DHS) is responsible
for safeguarding our Nation’s
critical infrastructure from
physical and cyber threats that
can affect our national security,
public safety, and economic
prosperity.
For more information, please
visit: www.dhs.gov/cyber.
To report a cyber incident:
https://forms.us-cert.gov/report/
or (888) 282-0870

2. SOURCE
The Department of Homeland
Security (DHS) is responsible
for safeguarding our Nation’s
critical infrastructure from
physical and cyber threats that
can affect our national security,
public safety, and economic
prosperity.
For more information, please
visit: www.dhs.gov/cyber.
To report a cyber incident:
https://forms.us-cert.gov/report/
or (888) 282-0870
Cyber threats constantly evolve with increasing intensity and
complexity potentially causing costly downtime to on going
business operations and supply chain. Compromised intellectual
property and customer data may result in reputational damage to
the organization’s credibility and trust.
BASIC STEPS TO CREATING A SECURE NETWORK
Antivirus software is a Must
Antivirus software detects and removes malware, including adware and
spyware, and filters out potentially dangerous downloads and emails.
Firewall Administrative Settings
Protect your network by restricting access to select websites. Configure
setting to block staff from sending proprietary data and specific types of
emails outside of your network. Administrative access should be limited to
key personnel and IT staff.
Create a Cyber Security Framework
Develop a clear security policy plan that designates which individuals have
access to which types of sensitive information. Provide clear direction as to
how staff and vendors must process critical proprietary and client data.
Back up Essential Data Every Day
Back up your organization’s data automatically, using a combination of
cloud and off-site backup.
Encrypt All Data
Encryption is essential to protecting personal identifiable information (PII).
Data is rendered useless without authorized access codes.
Update Wi-Fi Network
Wi-Fi Protected Access version 2 (WPA2) is widely recognized as the most
current and secure encryption available.
Mandate Security Polices for Mobile Devices
Remotely track devices SIM card, back up data and remotely lock devices
that are lost or stolen. Mandate employees create passwords for their
devices and report security breaches.
+
+
+
+
+
+
The SMLR Group is a full service
cyber security/risk assessment-
consulting firm, specializing
in: Privacy Audits, Standardized
Vendor Compliance Audits
(SVCA), Privacy Policies, Written
Information Security Plans, and
Data Breach Defensible Response
Consultation.
SMLR Group, Inc.
http://www.smlrgroup.com
Simple, Safe Steps to Cyber Security
Creating A Secure Network