The U.S. Department of Labor’s Employee Benefits Security Administration posed an article discussing cybersecurity program best practices. The posting identifies the following 12 steps for cybersecurity success:
| 1. | A formal, well documented cybersecurity program; |
| 2. | Prudent annual risk assessments; |
| 3. | A reliable annual third-party audit of security controls. |
| 4. | A clearly defined and assigned information security roles and responsibilities; |
| 5. | Strong access control procedures; |
| 6. | Assets or data stored in a cloud or managed by a third party service provider are subject to appropriate security reviews and independent security assessments; |
| 7. | Cybersecurity awareness training conducted at least annually for all personnel and updated to reflect risks identified by the most recent risk assessment; |
| 8. | A secure system development life cycle program; |
| 9. | A business resiliency program which effectively addresses business continuity, disaster recovery and incident response; |
| 10. | Encryption of sensitive data stored and in transit; |
| 11. | Strong technical controls implementing best security practices; and |
| 12. | Responsiveness to cybersecurity incidents or breaches. |
A copy of the posting may be accessed by clicking here.
Employers should make sure to implement cybersecurity programs and incorporate best practice suggestions.
