Plan in advance and establish where you’re most likely to face risks in order to target your efforts more efficiently. “Conduct a security audit: identifying your business’s security strengths, weaknesses and opportunities for improvements will provide a good foundation for your future decision-making process on appropriate technology and other measures,” advises Emm.
David Olsson, managing director of IT outsourcing firm Soitron UK, adds: “All businesses will have different requirements, but the first step is really to identify your pain points and where your business might be most at risk. For most companies, these risks will either sit with your customers, employees, suppliers or your assets.”
Step 2: Identify your users
Businesses should always be clear about who’s using their networks, says cyber-security adviser Vince Warrington. “Every single employee, contractor, temporary staff member or even someone on work experience needs to have unique access to your network, easily identifiable as themselves,” Warrington says. “Don’t allow generic usernames like ‘temp’ or ‘admin’, and make sure everyone uses a good password – the National Cyber Security Centre recommends using three or four non-related words as a good password that’s easy for people to remember – ‘BeddingSunglassesPictureToast’ is much easier to recall than ‘HSVjpy43mxw8z5!!’, and harder for a hacker to crack than ‘Password123’.”
Step 3: Educate your staff
Warrington says: “You might hear various security vendors saying things like ‘Users are the weakest link’, but they can be your greatest asset in defending against cyber attacks. Don’t just rely on a once-a-year, 10-minute online course – although they do have their place – but instead think of it as education, not training.
“You need to be constantly making your staff aware of what cyber-security risks are out there. Did you avoid being hit by WannaCry? Good, but did you then send a message to your staff saying: ‘You’ve seen the news. We’re protected, but this is why we ask you not to open attachments or click on links in emails’? A constant drip feed of information goes a long way – and don’t be afraid to use humour in your communications, or a reward system for good security behaviours.”
Step 4: Protect your customer data
The General Data Protection Regulation (GDPR), which came into force in 2018, puts firms under increased pressure to take more care when looking after customer data, or they may face a fine. “Businesses have to look more closely at their information security strategy and consider the impact of a catastrophic loss of data,” says Olsson.