Cyber Essentials for Small Businesses

In the past few years, the landscape of IT security has changed. Every day we hear news reports of organisations being hacked and brought to a standstill by cybercrime. Hacking, ransomware and phishing are causing UK businesses to experience severe downtime, financial losses and data breaches.

With the arrival of GDPR in May 2018, security is becoming more and more vital for organisations. GDPR, or the General Data Protection Regulation, will see businesses fined up to 4% of their global turnover or €20 million if they do not have adequate security in place to protect the data that they hold. In this blog, we look at the Cyber Essentials that small businesses need to get started with their IT security and protect their businesses and data.

The first precaution that we always recommend to businesses is a Firewall. A Firewall is the network security that protects your perimeter. It controls all the traffic coming in and out of your network and stops things like malware entering your environment. It’s important to understand, though, that just having a Firewall is not enough. You need a recent or next generation Firewall to make sure that you are protected. Next generation Firewalls come with deep packet inspection, which makes them more accurate as they scan encrypted traffic. The best way to describe this is that it is a bit like receiving a letter in the post. Deep packet inspection won’t just check the address and the envelope; it will check the contents as well.


A virus is a harmful piece of code that can destroy or corrupt data on your computer system. A precaution that we always recommend to businesses is having anti-virus software installed. Anti-virus will scan your PC for any viruses and remove them. It’s important that you invest in a business-level anti-virus; a free one will not be fully effective.


Spam is unsolicited email that is usually sent to a mass audience. Spam can be dangerous because it sometimes includes phishing emails, which can contain malicious links or attachments or ask for your sensitive information or money. An anti-spam solution will rid you of most of these emails, making your inbox a safer space to work in.

Patch Management

Updating your software regularly is critical to your security. Software vendors will often make updates available to fix a security flaw. When the NHS suffered from the WannaCry ransomware incident back in May 2017, it was due to software not being kept up to date. Organisations that had installed the Microsoft update two months before were safe from the attack. You need to have processes in place to ensure that you are always using the most up-to-date software available to you.

Backup and Disaster Recovery

Sometimes we can put all the possible precautions in place and an attack will still get through. A backup and disaster recovery plan is your insurance policy if something goes wrong. Having access to backups of your data ensures that you experience as little downtime as possible and can get back to your normal operations quickly.

IT Policy

We always recommend having an easy-to-understand IT policy in place for your staff. If you have pages and pages for people to read, the likelihood is that they will not look at it. We recommend that you have a clear and concise IT policy that is easily accessible to your staff. The more likely your staff are to pay attention to your IT policy, the less likely it is that they will click on something they shouldn’t.

End user education

In our opinion, end user education is the most important thing that any business can do to protect itself and its assets. Making sure that your staff are fully versed in what they need to do to stay safe online is the most effective form of protection. If a phishing email were to get through your Firewall and Anti-Spam solution, it is up to your staff to be vigilant enough not to click on that malicious link or attachment.

