How a cyber security policy can keep hackers at bay
As businesses, we need to be ever-vigilant to ensure we’re one step ahead of cyber threats and to secure our data, technology, and networks against them. A cyber security policy can provide a comprehensive and proactive response to threats of this nature that can be shared with your entire team.
Digital technology is open, and that openness brings risk
The UK is recognised as one of the world’s leading digital nations, and with that reputation comes responsibility. Cyber threats are growing in sophistication and can wreak havoc when they succeed. However, with rising awareness of how these threats evolve comes our ability to increase our defences.
According to a government survey, companies are increasingly considering cyber security as a crucial issue for their overall business strategies. This exposure to cyber security risks is highlighted by the National Cyber Security Centre’s cyber threat to UK business 2017 report. The government’s newly launched National Cyber Security Centre is designed to offer help and advice to businesses navigating this modern reality.
What are the threats?
The range of threats that organisations face varies considerably from accidental data breaches and ransomware outbreaks to more sinister and covert targeted attacks. Despite this, businesses can still prepare for any eventuality.
Depending on the type and size of your business, the key to success is to have confidence in your systems and policies. After implementing these procedures, you can incorporate a combination of technology and automation, people and skills, and policies and processes.
A robust cyber security policy
For SMEs, strategic thought is necessary and relevant. Simple inclusions in your cyber security policy will increase your safety. Once the most basic policies are in place and adhered to, you will then be able to recognise further, more advanced steps.
The list below is by no means exhaustive, but can be tailored to address the potential risks to your business:
1. Emphasise the importance of consequences
It’s vital that your team is aware of the risks associated with sharing information and relying on technology to conduct activities.
Lost or stolen data can seriously affect those involved, as well as severely jeopardise the company, particularly with the new GDPR legislation now in place. Focus beyond what systems the hackers can penetrate, to consider the damage that will occur if they do. Procedures, therefore, need to be in place to deal with the repercussions of a security breach.
Instead of asking, “How can I make sure our systems can’t be accessed?”, consider:
- If hackers successfully penetrate our network, what will they be able to access?
- How can we make sure they can’t open, share, print or download any sensitive files?
2. Teach effective password management
Passwords can make or break a company’s cyber security system. A strong password can reduce the likelihood of experiencing a cyber breach. Worryingly, most passwords are too common, too closely associated with an account holder or used across multiple websites.
Ensure your security policy gives your team guidelines on password requirements. Also tell them how to store passwords, how to share them and how often to update them.
Nowadays, even the most basic password cracking software can easily decode six characters. Passwords should, therefore, use a random combination of upper and lowercase letters, numbers and symbols, and consist of at least 11 numbers.
3. Detect phishing and scams
Take time to give employees examples of previous, industry-specific or current phishing emails and scams. This will better enable them to spot something untoward.
If they receive anything that looks suspicious, even if it appears internal, insist that they always check the origin. If in doubt, they should talk through the potentially suspicious email with your IT department.
4. Apply updates and patches
Update anti-malware programmes, web browsers and other software when prompted. Complete full malware scans at least once a week.
5. Ensure employees apply privacy settings
Encourage employees to implement maximum privacy settings on their social media accounts. Limiting the amount of personal information available online reduces vulnerability to phishing attacks as well as identity theft.
6. Protect sensitive information
Include instructions on how to handle confidential information, both inside and outside of your organisation. This information may include credit card details, email addresses, and customer names and addresses. If stolen, sensitive information can compromise the individual and the company. Therefore, send it via one of the many secure file transfer systems available.
7. Lock computers and devices
It is recommended that employees lock their screens or log out from their applications when they are not in use, to prevent any unauthorised access.
8. Secure portable media
When using portable devices including mobile phones, tablets and laptops, implement strong passwords, 2-step verification and fingerprint validation to limit access. In addition, when bringing portable media in from outside the workplace such as USB drives and DVDs, it’s important to scan them for malware when connecting to the network.
9. Report lost or stolen devices
Advise employees that stolen devices can be an entry point for attackers. As a result, employees should immediately report lost or stolen devices. As IT departments can remotely wipe devices, early discoveries can often make all the difference.
10. Encourage and empower employees to take an active role
Encourage employees to be on the lookout for any suspicious activity and report this to an IT administrator. Even if employees only become aware of an error after it has happened, reporting it to the IT department can minimise damage.
Government advice
The government recognises that falling victim to cyber crime can be devastating for businesses. SMEs make up 99.9% of Britain’s 5.5 million private sector businesses, and so any risks can be a real threat to the whole of the UK economy.
In answer to these concerns, the National Cyber Security Centre has produced the Cyber Security: Small Business Guide. It contains advice and recommendations, in five steps:
- Back up your data
- Protect your organisation from malware
- Keep your smartphones and tablets safe
- Use passwords to protect your data
- Take steps to avoid phishing attacks
Expert IT support
Contact us for more information and support on building a comprehensive cyber security policy and managing your cyber security processes.