
Seven Ways to Keep Your Business Cyber Safe

Everyday life in business is challenging enough, without having the added stress of experiencing a cyberattack, such as ransomware, viruses and theft of personal data. So we’d like to give you seven ways to make your business more cyber safe, without breaking the bank.


1. Make cybersecurity a priority

If cybersecurity has up to now been something you know you should look at, but you never quite get around to it, maybe Cybersecurity Awareness Month is the time to do it. Add it to your management meeting agenda, clarify who has responsibility for looking at it, and start to expect some progress. After all, if management aren’t seen to be taking cybersecurity seriously, then how can they expect the rest of the organisation to do so?

2. Decide on your cyber security approach

It can help to have some structure to your cybersecurity efforts, and there are a number of frameworks and standards that can help, including Cyber Essentials, the ISO27001 standard and the Cybersecurity Framework. Do some research and decide which of these fits your business best in terms of size, resources and how far you want to go. For example, you could align with Cyber Essentials and become certified, or you could align with ISO27001 but not have a goal to certify in the near term. Each of these frameworks will provide you with an effective list of actions to make your business more secure, and you can decide the pace you want to go at.

3. Get everyone’s attention

It’s no use having clear goals at management level if no-one else at lower levels knows what’s going on. Use team meetings to deliver the message about cybersecurity and back this up with a programme of user awareness training covering areas such as phishing, home working, cloud security and social media. There are many such awareness training courses available both on a free and chargeable basis online, and they don’t take much effort to implement or take part in.

4. Get your passwords under control

If your organisation is not using a password manager, then chances are your passwords are at risk. Look closely at putting this type of software in place as soon as possible and encouraging everyone to use strong passwords that are different on every system and website. Make multifactor authentication (using an app on a phone to provide a single-use number when logging in) compulsory where it’s available, because this will increase your system security dramatically for very little cost.

5. Get a grip on your patching

After phishing and passwords, failing to patch your software (applying security fixes) is one of the biggest areas of exposure for many organisations. Doing this manually gets difficult once you get beyond even one or two devices, so you’re going to need some software that will keep on top of this for you. If you have an external IT provider, they will be able to help, and this may be more cost-effective than going your own way.

6. Treat the cloud with caution

Cloud services are useful, and you can be up and running with just a credit card in minutes. But it’s this ease of implementation that gives rise to increased risks to your organisation. Team members who are under pressure to solve business problems may adopt cloud solutions that they actually know very little about. Is the service provider legitimate, or is it a front for cybercriminals? Where will company data be stored and will this information be safe in their hands? If you conduct an audit of the cloud services your organisation uses you may be surprised at the results. Make it clear to everyone that their use of cloud services needs to be approved, and put in place a process to carry out appropriate due diligence before any data are transferred to the cloud.

7. Start quizzing your suppliers

Modern business doesn’t happen in isolation. Your supply chain could present cyber attackers with a wealth of opportunities to compromise your organisation by proxy. If a supplier has access to your infrastructure and you have no idea how good their cybersecurity is, then you’re potentially leaving the door open to the bad guys. Start to ask questions of your suppliers around whether they have any certifications (for example to Cyber Essentials or ISO27001), information security policies and procedures, and how well they vet their own suppliers before contracting with them.

Conclusions

Depending on where you’re starting from, these seven actions could upgrade your cybersecurity in a short space of time, and at minimal cost. Remember that it’s all about risk. Focus on the areas of the business that really matter to you, and you won’t go too far wrong.

Written by CertiKit’s CEO, Ken Holmes CISSP, CIPP/E. Ken is the primary author of CertiKit’s toolkit range, an ISO 27001 Lead Auditor and has helped to implement, operate and audit ISO certifications over a varied 30-year career in the Information Technology industry. 

