Cyber security is a topic that has been widely written about – barely a week goes by without another high-profile cyber breach making headlines.
However, many small and medium-sized businesses are overcome by the scale of the risk and, paradoxically, fail to take any preventative action at all.
The risk is real – and significant – but it is easy to ignore until it happens to you.
The key is to start small. No business will ever be totally immune to all cyber risks, but working towards cyber resilience needs to be on every business owner’s agenda.
There are a number of steps you can take immediately, using your own internal resources:
Avoid unnecessary features. Look closely at what you are implementing and consider questions like, “Do I really need all these features turned on?” Or, “Do I really need that software?” Turning off anything unnecessary will go a long way to keeping things secure.
Consider the permission levels of staff. Ask yourself, “Does that person need that level of privilege?” Restricting access to the minimum amount necessary is a simple way to reduce your vulnerability.
Back up! There couldn’t be a more vital time to do this, given the level of ransomware threats out there at the moment. It is not sufficient to do ad hoc backups; implement a proper backup regime and test it:
o Backups of the data most critical to your business should be done more frequently, ideally with a copy kept offline and offsite.
o Offsite backups are becoming easier as cloud-based backup services are plentiful.
o When selecting a cloud-based backup service, be sure to assess the level of encryption offered so that you can be sure that your data in the cloud is safe.
Patch – everything and regularly. Simple.
Instilling a culture of cyber security
Many breaches are caused by human error, so making sure that your team is aware of the risks (for example, of clicking on an email link that may expose the organisation) is vital.
Make this part of the induction process for all new employees, and consider how to build cyber security into any new projects upfront; make it part of all of your business processes.
Take a multidisciplinary approach: cyber security is no longer just an IT consideration; you need to consider it from legal, communications and operational perspectives, too.
Cyber security health checks are a good way for a small business to quickly assess the strengths and weaknesses of the organisation’s IT security controls, and to measure them against best practice.
Developing cyber resilience is an ongoing process for all businesses and can seem an insurmountable task; however, there are immediate steps that you should take to start the process and kick-start your journey to cyber maturity.
Rob McAdam, Pure Hacking