You are reading this, so you realise there are risks.
Most systems will need updating once purchased, as they will have spent time ‘on the shelf’ prior to use. Once in service, they will need constant updating, sometimes called ‘patching’. Do you know what needs updating and what settings need changing? Is the admin password still the default (e.g. ADMIN)?
The principle of ‘Least Privilege’: what access do people require to do their job? Are you aware there are different access levels?
Security is everybody’s responsibility: increase awareness, provide training and establish a security-conscious culture.
All organisations WILL experience security incidents at some point. Can you list the most common types of attack and describe your reaction to these attacks?
Malware typically involves somebody else putting bad things on your system. Develop and implement anti-malware policies and procedures, such as anti-virus, as part of an overall ‘defence in depth’ approach.
Virtually all systems have monitoring elements built in, but they are useless as a preventative solution unless somebody is looking at them. Monitoring is often a key capability needed to comply with legal or regulatory requirements, such as the Data Protection Act.
Removable media, such as USB pen drives, provide a common route for the introduction of malware and the accidental or deliberate export of sensitive data. You should be clear about the business need to use removable media and apply appropriate security controls to its use.
Train users on the secure use of their mobile devices in the environments they are likely to be working in.