IT Governance & Cyber Security Training
With so much business information and operations involving technology, it’s essential to have robust, relevant IT policies and processes in place.
Cyber Essentials is a government-backed, industry-supported scheme to help organisations implement a set of technical controls to protect themselves against common online security threats.
ISO 27001 is the international standard that specifies an ISMS (information security management system) – a systematic approach to managing information security risk. It is more in-depth than Cyber Essentials, providing 114 security controls encompassing people, processes and technology. The ISO involves a greater degree of organisational change, which may not suit all companies at given points in their lifecycle. Cyber Essentials is a lower bar but a practical framework that any company should be able to meet.
These two standards complement each other, informing organisations about best practice IT policies. The EMH Technology team has combined this information with other best practice sources and commonly seen due diligence questions. As a result, we suggest the following areas of IT governance require a formal policy to help inform and guide best practice:
- Acceptable Use
- Access Control & Passwords
- Antivirus
- Asset Management
- Bring Your Own Device (BYOD)
- Clear Desk
- Disaster Recovery / Business Continuity Process
- Email Usage
- Firewall
- GDPR (data protection)
- Information Security
- Secure Disposal
According to 78% of UK businesses, human error is the biggest risk to cyber security (Statista, May 2022). Appropriate training helps to increase awareness and understanding of cyber security amongst employees. It also educates and encourages best practice throughout the organisation, informed by your IT governance.
- secure configuration,
- boundary firewalls and Internet gateways,
- access control,
- patch management, and
- malware protection.
These elements are relevant to every business, regardless of size. They help your organisation implement robust IT processes and reduce human cyber risk.
“Cyber security is essential for every business,” says Eric Hughes of EMH Technology. “It helps to secure and protect processes and information throughout the organisation. Supporting employees through best practice training makes a big difference.”
Are you interested in educating your teams to use best practice in IT?
Are your customers or RFIs asking for your cyber security credentials?
Explore the Cyber Essentials accreditations available from EMH Technology. Our team will guide your employees through tailored training involving self assessment, practical support and external verification. It’s a straightforward way to adopt and demonstrate best IT practices. Contact us to discuss optimising your cyber security.