Defense In Depth: 10 steps to build a secure foundation against cyber attacks in 2022

Defining and communicating your Business’s Information Risk Strategy is central to your organization’s overall cyber security strategy.

We recommend you establish this strategy, including the nine associated security areas described below, in order to protect your business against the majority of cyber attacks.

1. Set up your Risk Management Strategy

Assess the risks to your organization’s information and systems with the same energy you would for legal, regulatory, financial or operational risks.

To achieve this, embed a Risk Management Strategy across your organization, supported by your leadership and senior managers.

Determine your risk appetite, make cyber risk a priority for your leadership, and produce supporting risk management policies.

2. Network Security

Protect your networks from attack.

Defend the network perimeter, filter out unauthorized access and malicious content.

Monitor and test security controls.

3. User education and awareness

Produce user security policies covering acceptable and secure use of your systems.

Include in staff training.

Maintain awareness of cyber risks.

4. Malware prevention

Produce relevant policies and establish anti-malware defenses across your organization.

5. Removable media controls

Produce a policy to control all access to removable media.

Limit media types and use.

Scan all media for malware before importing onto the corporate system.

6. Secure configuration

Apply security patches and ensure the secure configuration of all systems is maintained.

Create a system inventory an define a baseline build for all devices.

All HailBytes products are built on “Golden Images” which use CIS-mandated controls to ensure secure configuration compliant with major risk frameworks.

7. Managing user privileges

Establish effective management processes and limit the number of privileged accounts.

Limit user privileges and monitor user activity.

Control access to activity and audit logs.

8. Incident Management

Establish an incident response and disaster recovery capability.

Test your incident management plans.

Provide specialist training.

Report criminal incidents to law enforcement.

9. Monitoring

Establish a monitoring strategy and produce supporting policies.

Continuously monitor all systems and networks.

Analyse logs for unusual activity that could indicate an attack.

10. Home and mobile working

Develop a mobile working policy and train staff to adhere to it.

Apply the secure baseline and build to all devices.

Protect data both in transit and at rest.

How Will Phishing Change In 2023

How Will Phishing Change In 2023?

How Will Phishing Change In 2023? Introduction: Phishing is a form of electronic fraud that uses disguised emails to trick unsuspecting recipients into revealing sensitive

Read More »


Podio Introduction Podio is a comprehensive platform for business management, communication and collaboration with the features of document management system. It enables users to create

Read More »