FOGHORN FOCUS

Step 6: Maintain Basic Measures

Basic safety measures are easy to implement and for the most part cost-effective. This can include cybersecurity awareness training for personnel, physical security, and password security. Below are listed a few more, though this is not an exhaustive list:

- Keep hardware and software updated.
- Automated antivirus and anti-malware updates.
- Limit administrator privileges and control removable media.
- Avoid public network connections without a VPN.
- Regularly back up and test information restoration capabilities.

Step 7: Employee Awareness

Make employees aware of cybersecurity. Employees are often the weakest link in the security chain. Statistics show almost 36 percent of data breaches are caused by employee negligence. Immediate actions an organization can take include:

- Educate employees on cybersecurity best practices to minimize human error.
- Train personnel to identify phishing attacks and report incidents promptly.

Step 8: Emergency Preparedness

No organization is immune to cyber-attacks. It is important to have a plan in place for responding to attacks quickly and effectively. The plan should include steps for mitigating the damage, containing the attack, and investigating the incident.

- Develop a business continuity plan (ISO 22301:2019 Business Continuity).
- Develop a comprehensive plan for responding to cyber-attacks swiftly and efficiently, including reporting mechanisms.
- Test and improve business continuity plans regularly.

Step 9: Assess Effectiveness

The check stage of the PDCA cycle is perhaps vital for confidence in how the organization's cybersecurity measures are working.

- Conduct regular cybersecurity assessments, including third-party evaluations for objectivity.
- Evaluate assets, vulnerabilities, IT/OT risks, physical access, and breach potentials.

Step 10: Continual Improvement

- Embrace continual improvement through the PDCA cycle to maintain vigilance.
- Invest in training personnel on cybersecurity standards like ISO 27001.

CONCLUSION

Taking cybersecurity seriously and implementing these ten steps can significantly mitigate the risk of cyber-attacks. Begin the process by conducting a gap assessment using a qualified person to assess where your system currently stands and what actions need to be taken.

The action plan will identify risks, gaps, and controls needed. These controls can easily be integrated into the existing safety management system. Investing in your cybersecurity today will better prepare your organization to manage future risks. Leadership involvement is crucial, and these steps serve as a solid foundation to fortify cybersecurity measures effectively.