This includes securing any routers or devices which are connected or using the network. Appropriate software and internet firewalls have been set up to stop unwanted connections and to ensure device security.
Employees should be informed of their security obligations and responsibilities immediately after employment.
This includes up-to-date antivirus software on all devices and active applications that limit access across your network to certain users.
An up-to-date asset information and asset register is in use. All devices that have access to information are encrypted and password protected.
An annual risk assessment should identify which actions will be taken for each risk and an action plan should be in place to implement any actions identified in the risk assessment.