Basic principle 1: Identify cyber risks
Why this basic principle?
By identifying important data, where it is located, and how access is organised, you may discover weak spots. What risks exist in and around important IT systems? Can you reduce these risks? A good understanding of your risks enables you to make informed choices about the measures to be taken and the associated investments to increase cyber resilience.
What can you do?
- Make an risk analysis (in Dutch).
- Update this inventory every 6 months. Schedule this activity in your calendar.
- Discuss the importance and content of the inventory with colleagues, employees, suppliers, and/or customers. Discuss everyone's responsibilities, record agreements with your IT supplier (in Dutch), and ensure that they are complied with. The weakest link determines the strength of the chain.
- If you no longer have access to your systems, you want to be able to fall back on data still available to you. Keep a hardcopy fallback and recovery plan (in Dutch), a contact list and contract information in an accessible place so that you can act quickly in the event of an incident.
In addition
Is your company dealing with a cyber incident? Then view the information and tips (in Dutch) and read what you can do to solve the problems. Read more about the 5 basic principles of running a secure digital business.
Test your cyber resilience with a scan
How is your company doing with the basic principles? To help you on your way, you can use the (Dutch) Basic Cyber Resilience Scan. Or you can take one of the scans provided by the British NCSC. It provides you with insight into the cyber resilience of your company based on the 5 basic principles of secure digital entrepreneurship.