< 1 minute read

Are you a manager or department leader with a team that processes customer or employee data?

Check your knowledge of Information Security with this quick quiz.

0%

Does your organisation have an Information Security policy that's regularly reviewed?

Data Security Policy

An Information Security policy guides data collection, storage and processing by an organisation. The policy’s purpose is to provide direction and support for Information Security and outline how to implement and monitor compliance.

Do all staff have regular Information Security awareness training?

Information Security Awareness Training

Regular Information Security awareness training is a must to avoid gaps in knowledge that can lead to mistakes. Training should apply to all staff, including temporary, locum or contract workers, so they’re fully aware of and fulfil their data security responsibilities.

Do you restrict physical access to premises and equipment?

On-premises Physical Security Measures

Restricting access to premises and equipment helps prevent unauthorised use, damage and manipulation of secure personal data. Examples of physical access controls include ID cards or pin pads, alarms and CCTV, to name just a few.

Do you have a clean desk policy so confidential information is not left exposed?

clear desk

A clean or clear desk policy asks staff to remove and lock away paper records, external storage (such as USB sticks) and portable devices (external hard drives) when not in use.

Do you have an asset inventory, to show where data is held, who has access to it and how it's protected?

Data server back up pexels 1181341

It’s essential to have a clear view of business systems, where data is held, who has access to it and how to protect it against unauthorised use. An asset inventory requires all hardware and software to be identified and classified to establish security compliance accountability. Assets include all office or home-based equipment used to store or process personal data.

Do you have a policy for remote working that includes Information Security?

remote working

Your Information Security policy must include adequate security measures for remote working. This includes risk assessment of using mobile devices and assigning authority to work remotely.

Are staff trained to use strong passwords and two-factor authentication (if available)?

Multi-factor Authentication

Strong passwords or passphrases are unique. They have more than 7 characters, combine letters (or words), numbers and a special character. It's also recommended to update them regularly. Two-factor authentication (2FA) is a second verification of an account owner used to complete a login attempt. Typically a verification code is made available via an authenticator app or text message used with a username and password to access systems or software applications.

Is malware protection software active on all IT systems?

Malware_protection

Malware can infect computers via several unsuspecting sources. Email attachments, websites and removable media are the most common. Your organisation should have malware protection software to scan networks and systems for threats. It must be kept up-to-date and staff educated about the risks of opening attachments from unknown sources.

Do you take daily system-level backups?

13

Your organisation should routinely backup personal data to restore information in the event of an attack, system failure or natural disaster.

Do you employ ethical cyber-crime specialist to highlight weaknesses in your IT systems?

Continuous Security Testing

Ethical cyber-specialists carry out penetration tests to try and exploit weaknesses in IT systems. Any potential system vulnerabilities can then be found and fixed to help you better safeguard information.

Do you regularly audit third-party suppliers to confirm their data security standards?

What data security qualifications do your suppliers have?

When selecting third-party suppliers to capture, process and/or store personal data for your organisation, it's vital to regularly audit and validate their Information Security credentials. Your due diligence might include checking the certifications they claim to have are valid, and visiting their premises to make sure their standards meet or exceed your expectations.

Quiz: Do you do Information Security like a professional?
Great work Professional! You clearly have a good grasp of Information Security.

Professional Badge

You obviously take Information Security seriously and have good general knowledge. If you'd like a deeper dive into the subject, look at our 27-page 'Guide: Optimising Information Security (https://datagraphic.co.uk/resource/guide-optimising-information-security). Written for managers, directors and department heads, the guide shares detailed information, statistics and tips to help you further protect, monitor and manage information in your care.
Ok Intermediate, you're on the right path, but there's room for improvement.

Intermediate Badge

You're making progress to improve your Information Security and understand it's important, but you need to do more. For some inspiration, why not download our 27-page 'Guide: Optimising Information Security'? https://datagraphic.co.uk/resource/guide-optimising-information-security It's written for managers, directors and department heads and shares information, statistics and tips to help you better protect, monitor and manage information in your care.
Hello Beginner - seems you have more to learn, but don't worry there's help at hand.

Beginner Badge

For some inspiration, why not download our 27-page 'Guide: Optimising Information Security'? https://datagraphic.co.uk/resource/guide-optimising-information-security/ It's written for managers, directors and department heads and shares information, statistics and tips to help you better protect, monitor and manage information in your care.