10 Steps to Cybersecurity for Business
1. Secure Connections.
Use a firewall to secure your Internet connection. A firewall creates a ‘buffer zone’ between your IT network and external networks such as the Internet. Within this buffer zone, incoming traffic can be analysed to determine whether it should be allowed onto your network.
2. Secure Configuration.
Choose the most secure settings for your devices and software. Manufacturers often ship new software and devices with default configurations that are as open and multi-functional as possible. Unfortunately, those same open defaults can give cyber attackers an easy route to unauthorised access to your data, and they can often exploit them quickly. So you should always check the settings of new software and devices and, where possible, change them to raise your level of security.
3. Secure User Privileges.
Control who has access to your data and services. To minimise the potential damage if an account is misused or stolen, staff accounts should have only the access to software, settings, online services and device-connectivity functions that they need to perform their role. Extra permissions should be given only to those who need them.
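One way to check that accounts actually follow this rule is to compare what each account has been granted with a per-role baseline of what the role needs. The script below is an added example, not code from the original page; the roles, permissions, account names and the list of accounts approved for high-risk rights are all constructed for illustration.

```python
"""Audit staff accounts against role-based permission baselines.

Added example for the "Secure User Privileges" step. Every role, permission
and account below is constructed for illustration.
"""

# Assumed baseline: the permissions each role needs to do its job.
ROLE_BASELINE = {
    "sales":   {"crm.read", "crm.write", "email"},
    "finance": {"ledger.read", "ledger.write", "email"},
    "it":      {"admin.local", "backup.restore", "email"},
}

# Permissions that should appear only on explicitly approved accounts.
HIGH_RISK = {"admin.domain", "admin.local", "backup.restore"}
APPROVED_HIGH_RISK = {"it.ops"}   # assumed: accounts cleared for high-risk rights

# Constructed sample of account -> (role, permissions actually granted).
ACCOUNTS = {
    "alice":  ("sales",   {"crm.read", "crm.write", "email"}),
    "bob":    ("sales",   {"crm.read", "crm.write", "email", "ledger.read"}),
    "carol":  ("finance", {"ledger.read", "ledger.write", "email", "admin.domain"}),
    "it.ops": ("it",      {"admin.local", "backup.restore", "email", "admin.domain"}),
}


def audit(accounts, baseline=ROLE_BASELINE, high_risk=HIGH_RISK,
          approved=APPROVED_HIGH_RISK):
    """Return a list of findings: (account, kind, detail).

    kind is one of:
      "unknown_role"         - the account's role has no baseline to compare against
      "excess"               - permissions granted beyond the role baseline
      "unapproved_high_risk" - high-risk rights on an account not on the approved list
    """
    findings = []
    for name, (role, granted) in accounts.items():
        needed = baseline.get(role)
        if needed is None:
            findings.append((name, "unknown_role", role))
            continue
        # Anything beyond the baseline is a candidate for removal.
        excess = granted - needed
        if excess:
            findings.append((name, "excess", tuple(sorted(excess))))
        # High-risk rights need an explicit approval regardless of role.
        risky = granted & high_risk
        if risky and name not in approved:
            findings.append((name, "unapproved_high_risk", tuple(sorted(risky))))
    return findings


if __name__ == "__main__":
    for account, kind, detail in audit(ACCOUNTS):
        print(f"{account}: {kind} {detail}")
```

Run periodically against an export from the directory or identity provider, the "excess" findings are the permissions to review with the account owner's manager, and "unapproved_high_risk" findings are the ones to act on first.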
4. Secure Data.
Protect yourself from viruses and other malware. Viruses are a well-known form of malware: programs designed to infect legitimate software and pass unnoticed between machines whenever possible. Anti-malware measures are often included for free within popular operating systems; for example, Windows has Defender and macOS has XProtect. These should be enabled on all computers and laptops. Smartphones and tablets should be kept up to date and password-protected, and where possible you should turn on the ability to track and erase lost devices.
5. Keep Updated.
Keep your devices and software up to date. Your business must keep its phones, tablets, laptops and computers up to date, and this applies to the operating system and to installed apps or software alike. Updating is quick, easy, and free.
6. Reduce Risk.
Have an Information Risk Management Regime. Determine what risks your business is willing to tolerate and what is unacceptable. Produce guidance and statements that help individuals throughout your business make appropriate risk-based decisions. Create an overarching technology and security risk policy to help communicate and support risk management objectives and set your business’s risk strategy.
7. Monitor Systems.
Incident monitoring and management. Establish a monitoring strategy and produce supporting policies. Continuously monitor all ICT systems and networks, and analyse logs for unusual activity that could indicate an attack.
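As a concrete illustration of "analyse logs for unusual activity", the script below scans authentication log lines for a burst of failed logins from one source and for a successful login that follows such a burst, which is the pattern that most deserves a closer look. This is an added example, not code from the original page; the log lines are constructed in sshd style, and the five-failure threshold, the five-minute window and the assumed year are illustrative choices, not values from the page.

```python
"""Flag unusual authentication activity in constructed auth-log lines.

Added example for the "Monitor Systems" step; not from the original page.
The log format, threshold, window and year below are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in syslog/sshd style (not real log data).
SAMPLE_LOG = """\
Mar 10 08:01:02 fileserver sshd[1201]: Accepted password for alice from 10.0.0.5 port 51022 ssh2
Mar 10 08:02:11 fileserver sshd[1210]: Failed password for invalid user admin from 203.0.113.9 port 40001 ssh2
Mar 10 08:02:13 fileserver sshd[1211]: Failed password for root from 203.0.113.9 port 40002 ssh2
Mar 10 08:02:15 fileserver sshd[1212]: Failed password for root from 203.0.113.9 port 40003 ssh2
Mar 10 08:02:17 fileserver sshd[1213]: Failed password for root from 203.0.113.9 port 40004 ssh2
Mar 10 08:02:19 fileserver sshd[1214]: Failed password for root from 203.0.113.9 port 40005 ssh2
Mar 10 08:02:21 fileserver sshd[1215]: Failed password for bob from 203.0.113.9 port 40006 ssh2
Mar 10 08:02:40 fileserver sshd[1216]: Accepted password for bob from 203.0.113.9 port 40007 ssh2
Mar 10 09:15:00 fileserver sshd[1300]: Failed password for carol from 10.0.0.7 port 51100 ssh2
Mar 10 09:40:00 fileserver sshd[1301]: Accepted password for carol from 10.0.0.7 port 51101 ssh2
"""

# Matches the two sshd outcomes we care about; other lines are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

FAIL_THRESHOLD = 5             # assumed: failures within the window that count as a burst
WINDOW = timedelta(minutes=5)  # assumed: sliding window length
YEAR = 2024                    # assumed: syslog timestamps carry no year


def parse(line):
    """Return a dict for a recognised line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def find_alerts(log_text, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return alerts as (kind, source, detail) tuples in time order."""
    events = [e for e in (parse(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    recent_fails = defaultdict(list)  # source -> timestamps of failures in the window
    burst_sources = set()             # sources already flagged for a burst
    alerts = []
    for e in events:
        src = e["src"]
        fails = recent_fails[src]
        # Discard failures that have fallen out of the sliding window.
        while fails and e["ts"] - fails[0] > window:
            fails.pop(0)
        if e["result"] == "Failed":
            fails.append(e["ts"])
            if len(fails) >= threshold and src not in burst_sources:
                burst_sources.add(src)
                alerts.append(("password_burst", src, len(fails)))
        elif src in burst_sources:
            # A success from a source that just produced a burst is the case to escalate.
            alerts.append(("success_after_burst", src, e["user"]))
    return alerts


if __name__ == "__main__":
    for kind, src, detail in find_alerts(SAMPLE_LOG):
        print(f"{kind}: {src} ({detail})")
```

On the sample above the single failure from 10.0.0.7 followed by a success twenty-five minutes later produces nothing, while 203.0.113.9 is flagged once for the burst and again when the login for bob succeeds. The same loop works on a live log file by replacing `SAMPLE_LOG` with the file's contents; the threshold and window are the knobs to tune against the normal level of failed logins in your own environment.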
8. Educate Staff.
User Education and Awareness. Promote a risk management culture – risk management needs to be organisation-wide, driven by corporate governance from the top down, with user participation demonstrated at every level of the business. Provide appropriate training and user education relevant to each person's role, and refresh it regularly. As a responsible company, you should not post pictures of your staff online without their permission, or at all if they have a role as an investigator.
9. Removable Media Controls.
USB and DVD policies. Produce a policy to control access to removable media, and limit both the media types permitted and how they are used. Scan all media for malware before importing anything from it into the company's systems.
10. Home and Mobile Working.
Protect data and systems outside the office. Develop a mobile working policy and train staff to adhere to it. Use strong passwords and encryption on devices to protect data in transit and at rest.
Are you interested in providing cybersecurity training to your employees? Please use the contact page and let me know your thoughts.