Building Your Security & Privacy Program – From Plans to Action
Lessons learned from your assessment will steer a customized plan, easy to follow guidance (policies and procedures), easy to operate security tools, stress-free staff training, and operational support.
Develop Your Plan
Using simple and cost-effective data security and privacy techniques, 3 Lights will customize a plan to lower your risk profile.
Guide Your Team
Deliver program materials and training to explain risks, rewards, tools, and processes that protect your data, your staff, and your business.
Implement Your Plan
No plan is a success unless it reduces your risk and supports your business success. Let us put your plan, team, tools, and processes to work.
Recover From Incidents
Develop effective security event and disaster recovery processes to get your team back in business if attacked.
Your team is your most valuable resource and your greatest risk.
Privacy programs are built upon several key documents to guide you and your team.
These documents outline how to protect your network and data – what to do and how to do it. These documents provide needed guidance to your most valuable resource – your team. By educating your team you help to protect not only your business, but them as well.
We can help you to develop the policies, procedures, and how-to guides that will contribute most to protecting your business and team. We can help you to create or improve your security and privacy program and train your team how to protect your business, avoid cyber risks, and recover from any incidents that may occur.
Our Process:
Key Cybersecurity Policies
Acceptable Use Policy (AUP):
Defines acceptable behaviours for employees when using company technology, including internet usage, software installation, and personal use restrictions.
Data Security Policy:
Outlines guidelines for handling and protecting sensitive data, including encryption standards, data classification, and retention policies.
Incident Response Plan:
Defines procedures to be followed in case of a security breach, including steps for detection, containment, remediation, and post-incident analysis.
Remote Access Policy:
Sets guidelines for employees accessing company networks from remote locations, including required security protocols and device management.
Access Control Policy:
Determines who can access specific data and systems based on their role and need-to-know principle, managing user permissions and privileges.
Password Management Policy:
Establishes requirements for creating strong passwords, including length, complexity, and regular password changes.
Security Awareness Training Policy:
Mandates regular employee training on cybersecurity best practices, phishing awareness, and password hygiene.
Identity and Access Management (IAM) Policy:
Manages user identities and access rights across different systems, ensuring only authorised users can access sensitive data.
We can help you to define your legal obligations and build a program tailored to your business needs, resources, and risks. A quick survey to identify your industry and your cybersecurity readiness is the first step in protecting your business – your reputation
Our Focus Industries
Our Team.
Work with experienced professionals, not chatbots.
We know you want the best advices, service and support, so we bring our global and multi-industry experience direct to your business. No chatbots, no junior staff, you work directly with the experts.
Benjii Creevey
Thomas Schultz
Ben Shapira
Michael Brooks
Jason Durrant
Steve Duckworth