The Norwegian Data Protection Authority has sent a letter to all 357 Norwegian municipalities. They are looking for four fundamental things — Information security management system, multi-factor authentication, access control, and incident recovery capabilities.
What does this mean to you?
Use the municipal authority as a checklist for yourself: do we have MFA everywhere, do we know who has access to what, and have we tested if we can recover after a ransomware attack?
Inspired by: The Norwegian Data Protection Authority