Blog Seven Ways to Keep Your Business Cyber Safe

1. Make cybersecurity a priority

If cybersecurity has up to now been something you know you should look at, but you never quite get around to it, maybe Cybersecurity Awareness Month is the time to do it. Add it to your management meeting agenda, clarify who has responsibility for looking at it, and start to expect some progress. After all, if management aren’t seen to be taking cybersecurity seriously, then how can they expect the rest of the organisation to do so?

2. Decide on your cyber security approach

It can help to have some structure to your cybersecurity efforts, and there are a number of frameworks and standards that can help, including Cyber Essentials, the ISO27001 standard and the Cybersecurity Framework. Do some research and decide which of these fits your business best in terms of size, resources and how far you want to go. For example, you could align with Cyber Essentials and become certified, or you could align with ISO27001 but not have a goal to certify in the near term. Each of these frameworks will provide you with an effective list of actions to make your business more secure, and you can decide the pace you want to go at.

3. Get everyone’s attention

It’s no use having clear goals at management level if no-one else at lower levels knows what’s going on. Use team meetings to deliver the message about cybersecurity and back this up with a programme of user awareness training covering areas such as phishing, home working, cloud security and social media. There are many such awareness training courses available both on a free and chargeable basis online, and they don’t take much effort to implement or take part in.

4. Get your passwords under control

If your organisation is not using a password manager, then chances are your passwords are at risk. Look closely at putting this type of software in place as soon as possible and encouraging everyone to use strong passwords that are different on every system and website. Make multifactor authentication (using an app on a phone to provide a single use number when logging in) compulsory where it’s available because this will increase your system security dramatically for very little cost.

5. Get a grip on your patching

After phishing and passwords, failing to patch your software (applying security fixes) is one of the biggest areas of exposure of many organisations. Doing this manually gets difficult once you get beyond even one or two devices, so you’re going to need some software that will keep on top of this for you. If you have an external IT provider they will be able to help, and this may be more cost-effective than going your own way.

6. Treat the cloud with caution

Cloud services are useful, and you can be up and running with just a credit card in minutes. But it’s this ease of implementation that gives rise to increased risks to your organisation. Team members who are under pressure to solve business problems may adopt cloud solutions that they actually know very little about. Is the service provider legitimate, or is it a front for cybercriminals? Where will company data be stored and will this information be safe in their hands? If you conduct an audit of the cloud services your organisation uses you may be surprised at the results. Make it clear to everyone that their use of cloud services needs to be approved, and put in place a process to carry out appropriate due diligence before any data are transferred to the cloud.

7. Start quizzing your suppliers

Modern business doesn’t happen in isolation. Your supply chain could present cyber attackers with a wealth of opportunities to compromise your organisation by proxy. If a supplier has access to your infrastructure and you have no idea how good their cybersecurity is, then you’re potentially leaving the door open to the bad guys. Start to ask questions of your suppliers around whether they have any certifications (for example to Cyber Essentials or ISO27001), information security policies and procedures, and how well they vet their own suppliers before contracting with them.

Conclusions

Depending on where you’re starting from, these seven actions could upgrade your cybersecurity in a short space of time, and at minimal cost. Remember that it’s all about risk. Focus on the areas of the business that really matter to you, and you won’t go too far wrong.

More Cyber Security Resources

If Cyber Security Awareness Month has inspired you to take action, we have some useful resources to help.

• Cyber Security Blogs – We have a host of useful content relating to all things Cyber Security.
• Cyber Essentials Toolkit – Align to the UK scheme with help from our document toolkit, including all the templates and guides required to comply.
• ISO27001 Toolkit – Align to the ISO27001 standard for an Information Security Management System with help from our toolkit. Including 180+ documents, guides and templates, and unlimited email support.