The 8 Themes of IASME Cyber Baseline – People

Apr 30, 2024 | IASME Cyber Baseline

IASME Cyber Baseline is a new international cyber hygiene certification scheme available to organisations outside the UK. It tackles the basic, but critical, cyber security protection measures and leads the way in offering global supply chains a standardised and respected certification that demonstrates robust cyber hygiene.

The IASME Cyber Baseline scheme allows organisations of every size and in every sector to start their cyber security journey with simple cyber security measures across 8 themes:

  • Organisation

  • Assets

  • Secure architecture

  • People

  • Managing access

  • Technical intrusion

  • Backup and restore

  • Resilience: business continuity, incident management, and disaster recovery

In this blog, we explore the theme, People.

People

What is this theme about? 

This theme is about making sure your staff are aware of your cyber security policies and processes and know what to do to keep your organisational systems and data safe.

Staff security awareness

You need to provide awareness training to all permanent and temporary staff, whether full or part time, on contract, paid or unpaid. If you use contractors/third parties, ensuring awareness should be included within your contractual agreements.

The awareness training you provide can be delivered by live or pre-recorded courses or workshops – in person or online, using ‘how to’ documents or good practice guides.

Appropriate training should be given to all staff during induction and upon changes to company policies and processes. Staff awareness activities must be conducted at least annually.

Ensure staff are trained on secure password creation:

  • The importance of using unique passwords for each system

  • How to create passwords that are difficult to guess and are a minimum of 12 characters

  • Information about using three random words and password management applications

It is recommended that you take these steps:

  • Carry out security awareness activities at least annually

  • Include company security policies and processes and password creation