Chapter 19




               3.3  Promoting cyber security

               The key ways in promoting cyber security to staff are:

                    Having a written policy. This will increase awareness and provide staff with a
                     reference point for problem resolution.

                    Providing ongoing training and assessment. This can provide examples,
                     reinforce messages and ensure staff are vigilant. Training should be performed
                     at least once annually.


                    Having a dedicated cyber security staff. This will keep policies and training up-
                     to-date and provide staff with a point of contact for problem resolution.


                    Limiting access. Staff should only be able to access the data that they require.
                     Fewer data users means fewer data risks.


                    Limiting data. Staff should regularly be encouraged to remove data that they no
                     longer require. The more data that is held the greater the cyber security risks.

                    Automating systems. Systems should be able to highlight any popular threats
                     such as phishing attacks.















































               248