The company's information assets must be protected from unauthorized access, use, disclosure, disruption, modification, or destruction. The following security measures must be implemented and maintained:
- Strong passwords and multi-factor authentication must be used for all systems and applications.
- All systems and applications must be kept up to date with the latest security patches.
- A firewall must be in place to protect the company's network from unauthorized access.
- Antivirus software must be installed and kept up to date on all devices.
- All data must be backed up regularly and stored in a secure location.
- Staff must be trained on cyber security best practices.