Cyber Security Check List For Business IT
Being Cyber Secure is essential for your business, for your customers, your partners, and suppliers.
Becoming cyber secure gives you as a business peace of mind and demonstrates to your clients and partners that you are in control; a cyber breach could bring your company to its knees and more companies are finding that they need to prove their business IT security measures to obtain contracts.
So how secure is your company?
Can Your Business Tick All 10 Cyber Security Points?
Encryption is King: You should be using encrypted email to communicate work-related information within your company. Companies that use spam filtering technology have emails that appear to be phishing attacks automatically located and removed. In addition, all devices should be encrypted – your computers, laptops, mobile devices. By encrypting your IT equipment, you are ensuring that should any device fall into the wrong hands, the information contained within remains securely locked.
Admin is Boss: Setting up admin rights on all devices may not go down too well with your staff, but it gives you that added layer of protection against somebody unwittingly downloading a rogue software program or app. With admin rights in place, your employees have to ‘request’ to download anything and everything, including adding a printer, downloading iTunes, and updating systems. It may be a pain, but it keeps you all safer.
Prepare For ‘What If’: Do you have a cyber response plan? A disaster recovery plan? A business continuity plan? If you DO suffer a cyber security incident, do you know what to do? Who to turn to? Do your staff know what to do, and perhaps just as importantly, when and how to do it? Planning for the worst may seem pessimistic but ALL businesses are targets of cyber criminals. Any plans that you do have need to be revisited on a regular basis to ensure they remain current, and all employees need to be aware of their rights and responsibilities.
Learning is for Life: Do not underestimate the importance of Cyber Security training for every single person within your organisation. Businesses have collapsed following a cyber-attack, not from the initial incident on its own, but because a staff member was unaware and did not report the incident in time. Getting hit is bad enough but getting hit and the attack being ignored can allow your systems to be ripped to shreds, to be unrecoverable. By providing regular security training to all members, everybody will be aware of what to look for and how to react.
Trust No One: Adopting a Zero Trust policy may sound negative to implement within your positive company culture, but attackers are bloody good at impersonating people. The email that appears to be from within may actually be a false email; we don’t know the exact number of companies that have fallen foul of ‘believing’ an email was internal when it was fake, but we have direct experience of working with companies to whom this has happened. When your boss instructs you to transfer £X in a seemingly genuine email, it is better to risk their wrath by double checking than to transfer £X to a cyber criminal’s pocket.
Passwords Shmarshwords: How many years have the IT bods been banging on about passwords? Forever! But they remain as important today as they ever have been. Your business needs to have a strong password protocol and ensure this is being adhered to by everybody within your company.
Work From Home: Once upon a time we all went into the office to work; and if we went out and about, we carried physical briefcases. Now we work from home, on the train, in coffee shops, in hotels, in customers’ offices; we have the capability of working anywhere at any time. And when we do so, we offer up all our business data to anyone who cares to snoop, unless you have set security procedures in place to guarantee that all company information is only available on company-owned devices that have been encrypted and use encrypted networks.
Backup. Backup. Backup: So important, they named it thrice… Do not underestimate how crucial business backups are. To be really secure you need more than one backup, and all need to be automated, encrypted, and regularly checked to make sure they are doing what they are supposed to be doing – saving your data so that should disaster strike you still have everything you need. Ransomware has destroyed companies that have no access to separate backups – and it could happen to you.
Block and Lock: Your antivirus needs to be business grade; to be able to protect you at the level needed to lock out intruders. This means you need to pay for it, and it needs to be protecting all your business IT equipment. Once installed it should pretty much run in the background, but you do need procedures in place to ensure it is updated when required and doesn’t expire. There can be no gaps.
Ask an Expert: You are the expert in your field – you know your business inside out; we don’t. But we do know Cyber Security, and we do know how to protect all types of businesses, from one-person work from home to small businesses with two or three people and computers, through to multi-site, national and international companies. We know how to do this because we are qualified to do so, and this is what we do for our clients on a daily basis.
If you are serious about your business cyber security and want help to gain Cyber Essentials qualification to tender for contracts, demonstrate you are secure to customers and market yourself as a professional company, then drop us an email and we’ll help you on your journey.