10 Steps to Cyber Security for Business
1. Secure Connections.
Use a firewall to secure your Internet connection. A firewall between your business network and external networks creates a ‘buffer zone’ in which incoming traffic can be analysed to decide whether or not it should be allowed onto your network.
2. Secure Configuration.
Choose the most secure settings for your devices and software. Manufacturers often set the default configurations of new software and devices to be as open and multi-functional as possible. Unfortunately, these settings can also provide cyber attackers with opportunities to gain unauthorised access to your data, often with ease. So, you should always check the settings of new software and devices and where possible, make changes which raise your level of security.
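The check described above can be made repeatable: compare a new device's or service's settings against a small written baseline, report every setting that is missing or still at its open default, and rewrite it to the secure value. The following is an added example, not code from the original article; the sample configuration is constructed in the style of an OpenSSH server file, and the baseline values and reasons are assumptions to adapt to your own environment.

```python
"""Audit a configuration file against a secure baseline and harden it.

Added example, not part of the original article. SAMPLE_CONFIG is a
constructed "vendor default" in OpenSSH style; BASELINE holds assumed
secure values, not values the article prescribes.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a freshly installed service left at open defaults.
SAMPLE_CONFIG = """\
# vendor default configuration (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
X11Forwarding yes
MaxAuthTries 6
"""

# Secure baseline (assumed): setting -> (expected value, reason).
BASELINE = {
    "PermitRootLogin": ("no", "administrators log in as themselves, then elevate"),
    "PasswordAuthentication": ("no", "prefer keys; passwords can be guessed"),
    "PermitEmptyPasswords": ("no", "an empty password is no password"),
    "X11Forwarding": ("no", "turn off features you do not use"),
    "MaxAuthTries": ("3", "limit guessing attempts per connection"),
}


@dataclass
class Finding:
    setting: str
    current: Optional[str]   # None when the setting is absent from the file
    expected: str
    reason: str


def parse_config(text):
    """Parse 'Key value' lines, ignoring blanks and comments; last value wins.
    (A simplification: real OpenSSH keys are case-insensitive and the first
    value wins; the audit logic below does not depend on that detail.)"""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        settings[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def audit(text, baseline=BASELINE):
    """Return one Finding per baseline setting that is missing or insecure."""
    settings = parse_config(text)
    findings = []
    for key, (expected, reason) in baseline.items():
        current = settings.get(key)
        if current is None or current.lower() != expected.lower():
            findings.append(Finding(key, current, expected, reason))
    return findings


def harden(text, baseline=BASELINE):
    """Return the config with every baseline setting forced to its expected
    value: existing lines are rewritten in place, missing ones appended."""
    out, seen = [], set()
    for raw in text.splitlines():
        stripped = raw.split("#", 1)[0].strip()
        key = stripped.split(None, 1)[0] if stripped else None
        if key in baseline:
            out.append(f"{key} {baseline[key][0]}")
            seen.add(key)
        else:
            out.append(raw)
    for key, (expected, _reason) in baseline.items():
        if key not in seen:
            out.append(f"{key} {expected}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"{f.setting}: is {f.current!r}, expected {f.expected!r} ({f.reason})")
    print("--- hardened ---")
    print(harden(SAMPLE_CONFIG))
```

Running the audit on the sample reports all five settings; running it again on the hardened output reports nothing, which is the state a new device should be in before it joins the network.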
3. Secure User Privileges.
Control who has access to your data and services. To minimise the potential damage that could be done if an account is misused or stolen, staff accounts should have just enough access to software, settings, online services and device connectivity functions for them to perform their role. Extra permissions should only be given to those who need them.
4. Secure Data.
Protect yourself from viruses and other malware. Anti-malware measures are often included for free within popular operating systems. For example, Windows has Defender and macOS has XProtect. These should be used on all computers and laptops. Smartphones and tablets should be kept up to date and password-protected, and where possible you should turn on the ability to track and erase lost devices. Viruses are another well-known form of malware. These programs are designed to infect legitimate software, passing unnoticed between machines whenever they can.
5. Keep Updated.
Keep your devices and software up to date. No matter which phones, tablets, laptops or computers your business is using, it’s important they are kept up to date at all times. This is true for both operating systems and installed apps or software. Keeping up to date is quick, easy, and free.
6. Reduce Risk.
Have an Information Risk Management Regime. Determine what risks your business is willing to tolerate and what is unacceptable. Produce guidance and statements that help individuals throughout your business make appropriate risk-based decisions. An overarching technology and security risk policy should be created to help communicate and support risk management objectives, setting out the risk management strategy for your business as a whole.
7. Monitor Systems.
Incident monitoring and management. Establish a monitoring strategy and produce supporting policies. Continuously monitor all ICT systems and networks. Analyse logs for unusual activity that could indicate an attack.
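"Unusual activity" has to be defined before a log can be analysed for it. The following added example, not code from the original article, shows two such definitions applied to constructed authentication log lines in a syslog-like layout: a burst of failed logins from one source within a short window, and a successful login that follows a run of failures from the same source. The thresholds and the line format are assumptions to be tuned to your own systems.

```python
"""Flag unusual activity in authentication logs.

Added example, not part of the original article. SAMPLE_LOG is a
constructed sample; the thresholds and the log layout are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source fails repeatedly then succeeds; another
# source has a single typo followed by a normal key-based login.
SAMPLE_LOG = """\
2024-03-04T09:00:01 host1 sshd: Failed password for admin from 198.51.100.7
2024-03-04T09:00:03 host1 sshd: Failed password for admin from 198.51.100.7
2024-03-04T09:00:04 host1 sshd: Failed password for root from 198.51.100.7
2024-03-04T09:00:06 host1 sshd: Failed password for alice from 198.51.100.7
2024-03-04T09:00:07 host1 sshd: Failed password for bob from 198.51.100.7
2024-03-04T09:00:09 host1 sshd: Accepted password for bob from 198.51.100.7
2024-03-04T09:15:00 host1 sshd: Failed password for carol from 203.0.113.9
2024-03-04T09:20:00 host1 sshd: Accepted publickey for carol from 203.0.113.9
"""

# Assumed line layout: "<timestamp> <host> sshd: <Failed|Accepted> <method> for <user> from <src>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) "
    r"(?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse(log_text):
    """Turn matching log lines into event dicts; unrelated lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "host": m["host"],
            "result": m["result"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Return {source: peak count} for sources with at least `threshold`
    failures inside any sliding window of length `window`."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "Failed":
            failures[e["src"]].append(e["ts"])
    flagged = {}
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it covers at most `window`.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[src] = max(flagged.get(src, 0), count)
    return flagged


def detect_success_after_failures(events, min_failures=3):
    """Return (src, user, failures) where a success from a source followed at
    least `min_failures` consecutive failures from it: a guess that worked."""
    hits, streak = [], defaultdict(int)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["result"] == "Failed":
            streak[e["src"]] += 1
        else:
            if streak[e["src"]] >= min_failures:
                hits.append((e["src"], e["user"], streak[e["src"]]))
            streak[e["src"]] = 0
    return hits


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    print("burst of failures:", detect_bruteforce(evts))
    print("success after failures:", detect_success_after_failures(evts))
```

The second detector is the one worth acting on first: a burst of failures that never succeeds is noise to block, while a success after failures is a possible account compromise that needs an incident response decision, which is why a monitoring strategy needs the management half as well.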
8. Educate Staff.
User Education and Awareness. Promote a risk management culture – risk management needs to be organisation-wide, driven by corporate governance from the top down, with user participation demonstrated at every level of the business. Provide staff with training and user education relevant to their role, and refresh it regularly. As a responsible company you should not post pictures of your staff online without their permission, or at all if they have a role as an investigator.
9. Removable Media Controls.
USB and DVD policies. Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing onto the company system.
10. Home and Mobile Working.
Protect data and systems out of the office. Develop a mobile working policy and train staff to adhere to it. Protect data both in transit and at rest with strong passwords and encryption on devices.