SMEs have to juggle a huge number of tasks to stay profitable and grow. Balance the books, nurture staff, generate new business and maintain cyber security.
So it’s not surprise that cybercrime is now the 2nd most reported economic crime affecting 32% of organisations – PwC Global Economic Crime Survey 2016.
However there are ways you can reduce your risk and avoid becoming an easy target for cybercriminals. And it doesn’t mean spending large sums of money to protect your business. According to a recent report -
Follow our 15 tips for improving your cyber security practices.
This include knowing where your data is held and whether it’s on site or in the cloud. Know who has control, whether it is an in-house IT department or an outsourced provider? Once you know what you’re protecting and who is protecting it you can make sure you have a firewall, anti-virus and anti-malware software installed as the most basic level of protection.
Understand what systems you are using to protect yourselves versus what is available on the market. Cost is always a factor when deciding on new systems and there will be some precautions you can’t afford. But knowing where you need improve protection means you can monitor these vulnerabilities closely and you will know where to improve when it’s viable.
A cyber-security policy ensures all staff understand what is expected and how to deal with an attack or breach. Also having the right people in place to enforce and monitor the implementation of the policy is vital to its effectiveness. Overall responsibility should sit with a senior manager who over sees the companies wider risk profile.
Firewalls prevent external access but internal employees can be a weak link. Restricting access to sensitive information held in dedicated folders or on servers will prevent disgruntled and coerced employees from access information they shouldn’t. Access can be restricted using secure passwords which are changed regularly.
With more and more employees working from home or bringing personal devices into the workplace there must be strict guidelines around their usage. Ask your IT department if you have one to approve devices before they are used for work purposes. Or at the least make sure anti-virus software is installed, software is up to date and password protection is in place.
Educating all staff members about why security matters and how they can help will not only reduce the risks but increase the response times when a breach occurs. Providing regular training sessions and up to date policy documents will encourage staff to put the guidelines into practice.
Always be prepared. Even the most secure systems can be infiltrated so always have a plan in place to deal with a breach and test it. Setup firewalls and anti-virus software to alert you when something unusual is happening so you can put your plan it to action as soon as possible.
A traditional signature-based firewall is no longer suitable to protect your business against attacks. Whitelisting will be required to prevent software downloads along with anti-malware, anti-virus and firewalls for wireless and wired access points. If you don’t have the expertise to monitor and update your own firewall consider using a managed services provider that will handle this for you.
Outdated hardware and infrastructure can cause easily exploited vulnerabilities that software updates can’t solve. Where possible update your hardware and infrastructure every 2-3 years to stay up to date with the latest technological development and improve your protection.
Cyber security is an ongoing process which needs to be regularly monitored and updated to be effective. Test the systems you have I place and keep accurate records so you know where improvements can be made and where your weakest links are. Testing and improving your known vulnerabilities will make you safer over time.
As part of your drive to improve cyber security you may buy new hardware such as desktops or servers. Make sure when disposing of old hardware that stores data to remove the hard disks and destroy them. This includes removable storage media such as USBs, DVDs and CDs. The destruction of these should be carried out by a reputable security firm.
Carry out official background checks on prospective employees to check for previous criminal convictions. Check contracts between technology vendors and service providers to make sure there are consequences for failure to provide the products or services they have promised and that they comply with any relevant regulations. Pay a visit to companies that will be handling any customer data to check out their security, backup procedures and personnel.
You might think that physical security doesn’t apply to cyber security, but if someone can get physical access to a PC they can provide access to others online or install a virus. Install restricted door access such as assigned key fobs to monitor who enters the office. This includes external providers of services such as cleaning and maintenance.
As the threat of cyber security is always changing and evolving any time spent waiting or delaying implementing or improving your cyber security plan leaves you further behind and at greater risk. Even if you only start with a few of these tips start today and you never know when a cyber-attack might take place…
For further help with managed firewalls, secure networking or secure telephony solutions contact us or call our team on 0345 004 4040