The U.S. Department of Labor’s Employee Benefits Security Administration posted an article discussing cybersecurity program best practices. The posting identifies the following 12 steps for cybersecurity success:
1. A formal, well documented cybersecurity program;
2. Prudent annual risk assessments;
3. A reliable annual third-party audit of security controls;
4. Clearly defined and assigned information security roles and responsibilities;
5. Strong access control procedures;
6. Assets or data stored in a cloud or managed by a third party service provider are subject to appropriate security reviews and independent security assessments;
7. Cybersecurity awareness training conducted at least annually for all personnel and updated to reflect risks identified by the most recent risk assessment;
8. A secure system development life cycle program;
9. A business resiliency program which effectively addresses business continuity, disaster recovery and incident response;
10. Encryption of sensitive data stored and in transit;
11. Strong technical controls implementing best security practices; and
12. Responsiveness to cybersecurity incidents or breaches.
A copy of the posting may be accessed by clicking here.
Employers should make sure to implement cybersecurity programs and incorporate best practice suggestions.