Are you taking the right cyber precautions?

5 Aug, 2019

This five minute read will give you some great pointers developed specifically for SMEs. Find out what you can do for free today!

Strengthen your front line defences

Humans are fallible so they are always going to be a risk.

It’s essential to train your team so they are able to spot red flags, such as a supplier suddenly asking for an invoice to be paid to a new bank account or an email purporting to be from the MD asking them to buy lots of gift cards.

Luckily, there are some great free online resources to help you train your team to the same level. The National Cyber Security Centre’s ‘Stay Safe Online: Top Tips for Staff’ is a good starting point and the Take Five campaign website provides a free toolkit to educate against financial fraud.

Make sure you share stories about cyber security all year round and develop a culture of sharing attempts on your systems with your team as well as your IT provider. This helps keep the topic fresh in everyone’s mind and is more relatable than hearing about corporate cyber incidents in the news. In our area, you can also invite the local police to your business to give a talk about cyber security, apparently it’s very hard hitting when it comes from someone in uniform!

We recommend putting in place policies to guide your staff, e.g. what to do if suspicious activity is spotted. Not only is this reassuring for staff, it protects your business and means you can take some form of action if an employee puts your business at risk, just as you would if they consistently forgot to alarm your building or close the windows before leaving.

Don’t forget, you can report attempted incidents to Action Fraud.

Take the vice out of device

Put a stop to using memory sticks to transfer data, use a site like www.wetransfer.com instead. Why? Memory sticks and portable hard drives can transfer viruses onto your system. Not only that, they are also prone to being stored insecurely, putting your data at risk.

Make sure you have a policy about staff using their own laptops and phones. Some companies ban their use completely (and staff know they risk disciplinary action if they break this rule), others have caveats. For example, you could allow staff to use laptops if they have up to date anti-virus on them. If employees are allowed to use their own phones, they should be protected with a PIN or by facial or thumb recognition. Ask your IT provider before setting up emails on an employee’s phone to ensure that you can remotely wipe the emails should they lose the device.

Lock down your users

Look at the data that’s on your network and think about who really needs access to it. You could be surprised by what you find… maybe a new starter can’t access your CRM, but could they access a CSV with all your customers’ email addresses that’s stored in your marketing drive? That data would be really valuable to a competitor!

If you wouldn’t want someone to see something on your desk, then you need to secure it on your network either by password protecting it or using shared drives with access restrictions.

Make sure you’re doing these three simple FREE things

1. Disable auto-run which automatically executes files, including malware.
2. Make sure the majority of users on your network are set up as users and not admins as that restricts what they can do.
3. Finally, ensure that users can’t install programmes. It can be frustrating for them having to ask an admin, but it protects your network and therefore safeguards their jobs. No one wants to be the person who installed something that took the business offline for a few hours or even forever.

Next steps

If you’re interested in increasing your business’s protection, but don’t feel that ISO 27001 (the Information Security Management Standard certification) is quite right for you at the moment, why not consider our ISO Lite Toolkit? It provides over 30 documents which are all compliant with ISO 27001 which you can implement at your own pace. You may like to do this alongside Cyber Essentials certification. One of our consultancy clients, IASME, offers a free download of the Cyber Essentials self-assessment questions from its website.

Once you have embedded the ISO 27001 compliant documents in your business, you can ask us to visit and certify your management system to ISO 27001 (additional costs will apply).

Credit

Our local Chamber of Commerce (Herefordshire & Worcestershire) has compiled an eight part guide to improving cyber security for SMEs. Jill, our Marketing Specialist, was delighted to be asked to present on the four topics shown above at two Chamber Cyber Forums recently and thought the content would be useful to our clients.