Cyber Security is a journey and every business will be at a different stage on that journey. There is no one solution or product that can be done or bought that will make you 100% secure. Good cyber hygiene is about doing lots of different things on a consistent basis that will make the most difference. In order to help secure your business in 2019, here are some Cyber New Year’s resolutions that most businesses can implement to help them along the way.
1. Review your security policies
Take some time look over what IT security polices you have in place. Are these still relevant and do the cover all the technology that is used in your business? Look at things like the password requirements and see if they match up with current advice that longer is better and there is no real reason to force users to change their password regularly. Does your business have a policy on the use of Social Media for staff? Remember that this is an area that Cyber-criminals will research when looking for a target.
2. Review your backup policy
Is your current method of backing up robust enough? Are you completing regular backups, and have they been tested to make sure that they are working as you would expect them to? Backups could save your business one day.
3. Raise Staff Awareness
Your users are your last line of defence. They need to understand what the risks are and how to spot anything suspicious. They need to know how to report something that is or looks suspicious. Your defences are only as strong as the weakest person in your organisation.
4. Renew or Gain Cyber Essentials
If you haven’t already gone through the process to become Cyber Essentials accredited, make 2019 the year. Cyber Essentials shows that you meet a standard of Cyber Security and lets your staff and customers know that you are taking things seriously. For more information on Cyber Essentials, please visit https://www.sbrcentre.co.uk/services/cyber-services/cisp-and-cyber-essentials/cyber-essentials/
5. Create an incident response plan and test it.
It is almost inevitable that at some point you will face a cyber incident. Don’t wait till it happens - think about how you would handle an attack now. No doubt your business already has business continuity plans and these have probably been tested at some point, do the same from a Cyber perspective. Do you know what would happen if you lost access to your IT systems? Do you have something in place to help you keep running your business? How would you communicate with staff and clients? Get these things written down now, then test the plan with a table top exercise.
- Gerry Grant, Chief Ethical Hacker
For more information and advice, please email firstname.lastname@example.org or message us on our website!