If you’re unsure how to get started with cyber security, here are 10 tips based on advice from the National Cyber Security Centre (NCSC) to help ensure your business is protected online. By following these tips, you’ll be in good company: the cyber-security body, which is part of the Government Communications Headquarters, claims that the majority of companies on the FTSE 350 follow its advice.
1. Have a cyber risk management plan
To help your business identify and avoid cyber security risks, create a cyber risk management programme.
Everyone will need to know how this risk management plan works, including all employees, contractors and suppliers. Your approach will need to evolve alongside changes to technology and the risks faced by businesses.
2. Ensure 'secure configuration'
Secure configuration refers to security measures that your business should put in place when building and installing computers and network devices.
It’s important to develop a strategy to remove or disable unnecessary functionality from systems, and to quickly fix known vulnerabilities – automated patch management and software update tools are some of the ways to do this.
3. Keep home and remote workers secure
Having people working at home, or remotely, can create new risks such as the loss or theft of devices or sensitive information.
Steps you can take to prevent these include checking devices encrypt data, which will protect data on the device if it’s lost or stolen, and ensuring staff know how to report any problems.
Putting the right procedure and policies in place is more important than ever with many people currently working at home due to Coronavirus.
4. Be prepared for the worst
Security incidents are all too common. In the 2020 UK Government Cyber Security Breaches Survey, almost half (46% ) of businesses had identified cyber security breaches or attacks in the last 12 months.
So, it’s important to prepare for the worst and invest in setting up policies and processes to help manage an incident and reduce its impact.
5. Protect your business from malicious software
Malicious software, known as malware, includes the likes of viruses and ransomware. In short, it is any code or content that could pose a threat to your IT systems, by disrupting your business or leading to the loss of sensitive information or data.
It’s vital that all of your employees know how to recognise and protect themselves from malware. You can also put in place robust anti-virus tools on all devices.
6. Manage user privileges
Only give users the minimal necessary level of data access, system privileges and rights needed for their role to minimise risk.
This means that if the account is misused or compromised the impact will not be more severe than it needs to be.
7. Monitor all networks, systems and services
Proper monitoring enables you to assess how systems are being used and whether they’re being attacked.
For example, unusual network traffic – such as connections from unexpected overseas locations – or large data transfers should automatically generate a security alert.
8. Ensure network security
Your systems are vulnerable to attack through connections from your networks to the internet, and other partner networks.
So, make sure your network security is robust. There are many types of network security, including firewalls, email security, and anti-virus software.
9. Control use of USB sticks, mobiles and 'removable media'
Removable media is anything that can be plugged into a computer, from a USB stick to a smartphone or tablet. These can store and transfer a lot of data and information which may be sensitive or confidential.
When using these devices, information can be easily lost – with potential damage to your business’s reputation – or malicious software can be introduced.
So, develop and implement policies and solutions to control and minimise the use of removable media, and ensure everyone knows about these policies.
10. Educate your team
A common theme among many of the tips for robust cyber security is the need to involve and educate everyone in your organisation.
So be sure to establish a security-conscious culture, providing training and ensuring employees feel empowered to report incidents without fear of recrimination.
These are just basic steps to get you started in your journey towards creating a more secure business. But there is much more that you can do.
For those risks that can’t be eliminated solely by good risk management, cyber insurance should be considered. Islands Insurance has partnered with Cyber Insurers who can offer an insurance solution for all companies and budgets. As part of Cyber insurance, many of our Insurers provide access to complementary risk management tools and resources which can further assist a company in reducing their cyber risk and the disruption, financial loss and reputation damage that a company could suffer as a consequence.
If you require a cyber-crime quotation, require advice as to the types of cyber exposures your business may be exposed to or any further information in regards to the covers and risk management solutions available, please contact Mike Norbury at Mike.Norbury@islands.je.