Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice

X

When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu

Be Cyber Smart - Ten steps for Improved Cyber Security

 

Whether you’re working for a large enterprise or a small start-up, it’s important to ensure cyber security is embedded into your working processes. Everyone has a part to play and as October is National Cyber Security Awareness Month, we’ve put together best practice ideas you can embed to #BeCyberSmart in both your workplace and home environment.

Download our free infographic to share around your teams with 10 easy steps to cyber security that everyone can implement.

Download Free infographic

1) Strong password management

It may seem like an obvious one, but your password is your weakest link. Stolen credentials are one of the most common causes of a data breach.

Best practice is to:

  • Use a different password for each login
  • Don’t use personal information in your password that could be guessed
  • Use random words, lower and uppercase, numbers and special characters
  • Change passwords if you think they have been compromised

2) Multi-factor authentication

Multi-factor authentication is becoming more common and you’re probably using it for at least one of your accounts, such as online banking where it is required. But best practice is to enable multi-factor authentication on all accounts where you can.

Authentication factors classically fall into three categories:

  • Knowledge –Something you know such as username, email, and password
  • Possession- Another device that will verify your identity, such as an SMS code or authenticator app
  • Being- Something you are, such as a fingerprint, voice, or face ID

3) Use your own devices with caution

Often organisations have strict own device policies, and rightly so. If your device isn’t updated with the latest protection you could put your organisation’s data at risk. Ensure you apply all security measures outlined by your company’s policy and ask the IT team if you’re unsure.

4) Allow all updates

It can be tempting when you’re busy to schedule new updates for your hardware to a later date, but it’s important to action these as soon as they’re available. Whilst often they take some time and you may be required to reboot your device, it’s a good opportunity to work off-screen for a while or take a coffee break to ensure that security patches and fixes are updated as soon as possible. By ensuring your devices are up to date you can be confident you’re reducing your risk of a hack.

5) Think before you click

Clicking links in emails or on unknown sites is a risky habit. Even if the content looks legitimate, a safer habit is to manually type out URLs. This way you’re not inadvertently putting your organisation or even your own data at risk. Always check the URLs and email domains of unknown senders too to see if they look genuine when receiving an email from someone you don’t know.

6) Backups

Backups are key and ensure if something happens to your data for example hardware failures, ransomware attacks and even physical theft, you can retrieve your data. It’s important to store backups in a secure location separate from the original files, such as on a cloud system or physical hard drive. Make sure you’re aware of any actions required by your organisation so you can play your part in keeping all files secure.

7) Look for the padlock

When searching for websites via a search engine, keep an eye on the URL to see if it looks legitimate and matches the company intended (with no typos).  Look into the address bar for the padlock icon, this indicates an encrypted connection and identifies the information on the site as safe. This is especially important if you’re required to enter sensitive information such as PII or financial information.

8) Don’t use free public networks

If you’re out and about working, it may be tempting to use free public networks, but this is a red flag in terms of cyber security. Free WIFI networks are one of the easiest ways cyber criminals can target your device. If you must log in to a free public network, we’d advise not using it for accessing sensitive information and always use a VPN. A VPN improves security and enables users to access a public network as though it was connected directly to the private network.

9) Don’t store passwords or data in websites

Convenience is one of the downfalls of cyber security, whilst you may think it’s easier to stay remembered on your most used sites to save time, it increases your risk of a hacker accessing your data. Using a password management system is good practice allowing you to create different complex passwords for each site without having to remember them.

10) Log and inform

If you do suspect a fraudulent website or a phishing scam, notify your colleagues and log within your organisation. Information is key and ensuring all colleagues are aware of potential scams will reduce the risk of them falling victim too.

Our final words

Whatever your organisation’s size or sector, it is important to remain vigilant when it comes to cyber security. Embedding cyber security practices into your organisation so that it becomes second nature and is at the forefront of employees minds is key to a cyber-safe environment. If you’re looking for additional guidance, CertiKit’s toolkits for ISO27001 – Information Security Management System and Cyber Essentials are written by a CISSP-qualified specialist and are a great way of embedding extra controls into your organisation.


More ISO27001 Resources

CertiKit is a provider of ISO toolkits, consultancy and internal auditing services, and has helped more than 4000 organizations worldwide with their compliance.

For more guidance on implementing the ISO27001:2022 standard, we’ve put together a list of our best free resources including video guides, blogs and downloadable documents.

Free ISO27001 Resources

We’ve helped more than 7000 businesses with their compliance

Testimonials

The toolkit was perfect in delivering the correct process to our business, preventing thousands spent on consultants delivering the same toolkit. It also played a massive part in speeding up our compliance in GDPR.

G3 Comms Limited
UK

View all Testimonials