The U.S. Department of Labor’s Employee Benefits Security Administration posted an article discussing cybersecurity program best practices. The posting identifies the following 12 steps for cybersecurity success:
1. A formal, well-documented cybersecurity program;
2. Prudent annual risk assessments;
3. A reliable annual third-party audit of security controls;
4. Clearly defined and assigned information security roles and responsibilities;
5. Strong access control procedures;
6. Assets or data stored in a cloud or managed by a third-party service provider are subject to appropriate security reviews and independent security assessments;
7. Cybersecurity awareness training conducted at least annually for all personnel and updated to reflect risks identified by the most recent risk assessment;
8. A secure system development life cycle program;
9. A business resiliency program which effectively addresses business continuity, disaster recovery and incident response;
10. Encryption of sensitive data stored and in transit;
11. Strong technical controls implementing best security practices; and
12. Responsiveness to cybersecurity incidents or breaches.
Employers should make sure to implement cybersecurity programs and incorporate best practice suggestions.