Cyber crime can be both complex and costly to recover from particularly if you do not know where to start. Here are our 5 essential steps to cyber security and ensuring you have the basics in place to keep your company safe from the cyber threats.
Step 1 – What data do you hold and how do you classify it?
Understanding what knowledge and value you hold within the organisation through different pieces of data you store as a business is key to a good cyber security plan. Not all data is classified equally, your employees personal data doesn’t have the same value as email content nor the same value as your Sage accounts backup file.
Consider the various amounts of data your company works with on a day to day basis, how are those machines configured, secured and who has access to them, does the PA really need access to the entire file server or a HR person need access to the Sage accounts package?
Classify and categorise your data into how important it is to your business, who needs access and what the backup process is for each piece of data.
Step 2 – Protect, detect and secure
Protecting the information your business needs to run must be key to day to day operations. Encrypting your systems, restricting access on a ‘least privilege’ basis and ensuring that employees must only have access if specifically required and not by default.
You should be monitoring network activities, checking firewall configurations and ensuring proactive anti-malware protection is in place should be the minimum your business should have in place to control your networks incoming traffic and identify potential threats before they become a problem.
Step 3 – Stay ahead of the curve
Technology moves quickly, but cyber threats move quicker still – with new versions of malware appearing every day – now more than ever its crucial that systems are maintained, advanced threat detection in place and patches for all software on the network are kept up to date.
You don’t need to use the software on a daily basis for a vulnerability to be exploited, that piece of software on your desktop that hasn’t been run for a few weeks may already be out of date, exploited and waiting to infect the network.
Keep devices, both mobile and office based up to date and ensure policies and processes around these are controlled.
Review documents and information laid out by government around cyber security this gives you a good perspective of what needs to be the minimum your business should adhere to.
Cyber Essentials is the certification and audit process RDS Global can support your business with, taking your company and its key members of staff through a training and auditing process to ensure that hardware, software, policies and procedures are all brought in line with GDPR and Cyber Essentials.
With over 2,000 small businesses in the UK already Cyber Essentials accredited – now is the time for you to demonstrate to customers and suppliers that you take cyber security seriously.