Cyber Security is becoming more and more prominent for businesses, with security improving and hackers becoming more devious to circumvent those systems, and the consequences of breaches becoming more severe and expensive. The breaches that normally make the headlines are the likes of Facebook and Google being fined millions of US dollars. However, every business out there is subject to the law and we are now starting to see the ICO fining SME’s for data breaches because they have not taken basic steps to protect their business and clients data. (https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2017/06/warning-to-smes-as-firm-hit-by-cyber-attack-fined-60-000/)
As a small business owner what can you do to protect your organisation?
The first steps into IT Security can be daunting it is a massive field and industry, but there are steps that businesses can take on their own without huge expense.
Step 1 – Secure your devices with passwords, whether it’s a PC, Laptop, Tablet, or mobile phone all company devices should be password protected.
Step 2 – Create and IT asset List of all devices the company owns and who they have been issued to and who has access to them.
Step 3 – Use 2-factor authentication on all devices (this is where you go to login to a PC/Laptop and it will send a code to your mobile to enter before letting you access it.
Step 4 – It may seem obvious but put antivirus and firewall software on all company devices, there are many companies out there and an annual subscription is normally about £40 for up to 10 devices.
Step 5 – Keep your software up to date whether it be operating systems, antivirus, firewall, or accounting software. Keeping software up to date is important as it closes potential vulnerabilities and weaknesses in the program.
This is where you may need some guidance from an IT professional
Step 6 – Teach Staff to recognise Phishing Emails, train them to be aware about IT security, not leaving machines unattended while logged in, locking devices when they leave them, being aware of who is around them when they are working on sensitive/confidential information, what constitutes a Data breach, their responsibilities under legislation etc.
Step 7 – Network restriction – Find out if the office Router has a built-in firewall – if it doesn’t replace it with one that does. This protects the entire network, classed as a boundary or perimeter firewall. If you are replacing the router, I would also go for one that can setup multiple separate networks, so you can isolate guests away from your main network. Do not let staff connect noncompany devices to the main network, guest network only.
Step 8 – Control Access to software and installation by creating admin and user accounts on the devices.
Step 9 – File restriction, if devices are connecting to a common server restrict files for users. (e.g. only accounts have access to finance files, only HR have access to personnel files), if it’s not relevant to their job they don’t need access.
Step 10 – Create an IT Policy and Business Continuity Plan. This will help Staff understand their responsibilities and what they can and can’t do, and if something does go wrong how to react to it, to ensure minimal damage to the business and your clients.
This list is by no means exhaustive, and could keep going on forever, but by doing the above you are taking reasonable steps to protect your business and clients information. This will also put you in a good place to start to implement a full Information Security Management System like ISO 27001.
It is recommended that if you decide to implement an ISMS (Information Security Management System) you have professional support of someone with implementation expertise.
What are the Benefits of implementing and ISO27001 ISMS?
- It will ensure your security on systems and information are robust and reliable.
- Increase your businesses resilience to any attacks
- Ensure quick and efficient responses to any security incidents
- Improve management processes
- Reduce business Risk
- Protect information from unauthorised elements
- Assess risks and mitigate the impacts of a breach
- Increase staff training and awareness of potential threats
- Reduction of IT incidents and severity of incidents
- Greater control of IT assets and systems
There are other benefits aside from those relating to IT security these relate to customer confidence:
- An ISMS will align with requirements set by clients and some suppliers
- Increased chances of getting onto Preferred supplier agreements
- Increased client confidence
- Being assessed and certified by a third party for industry best practice
- Being recognised as adhering to an Internationally recognised standard thereby increasing reputation of the business and potential to gain contracts/clients internationally
If you would like to find out more on how IBCN could help protect your business and implement security measures complete the form below or contact us on 01376 402069, or email info@ibcn.co.uk