Cybersecurity is more important than ever when it comes to building your business. Any company that fails to protect its data sufficiently risks losing the trust of its customers and potentially being liable for the cost of any damage caused, whether that is financial loss or emotional distress.
The average cost of a cyber security breach for a UK business is estimated to be around £8,460 (and £13,400 for larger businesses), so getting caught without a proper cyber security strategy (or sufficient Cyber Liability insurance) simply isn't worth the risk.
The National Cyber Security Centre states that while it's important to make sure your security methods are tailored to your business specifically, there are a number of steps almost all businesses could take to help reduce the risk of a cyber attack. With that in mind, we've put together 10 steps all businesses can take to protect themselves and their customers from the dangers of cyberspace.
As with any form of business risk, it's vital to make sure you're properly insured in the event that something does go wrong. NimbleFins' in-depth guide to Cyber Liability insurance has you covered, so take a look if you're wondering how to cover your cyber risk sufficiently.
10 Steps To Cyber Security
1. User Education and Awareness
It's vital you explain cyber security best practice to any staff member who handles private data. Doing so can help mitigate the risk of entirely avoidable data breaches, such as leaving an unprotected USB stick with no password on a train or bus.
Managing the forms of data your staff can store on personal storage drives reduces the risk of hackers being able to access it if something is ever accidentally lost. Measures such as requiring VPN access for remote working and not allowing confidential data to be stored on removable media drives reduce the chances of something going badly wrong if a USB drive or laptop is lost or stolen.
2. Malware Protection
Online hackers are smarter than ever, so even though it might feel like we are well past the days of opening suspicious emails, the risk of employees accidentally letting malware into your internal network is still as prevalent as ever.
Yes, it might be that they've accidentally opened a link they shouldn't have, but the malware might equally be embedded on their personal USB drive or behind a link they click on a seemingly reputable website. Taking steps to install world-class anti-malware on all company devices and making sure employees are properly clued up as to what a 'bad' link or website might look like will help avoid unnecessary risk.
3. Media Management
Making sure you're on top of what employees are taking out of and putting into your internal networks is vital. While limiting it can feel like a chore, doing so limits the chances that an employee can get caught out, either with confidential data on a removable drive or by bringing unknown programs into the network.
It could be as simple as installing a seemingly harmless program onto their work computer; that's all it takes. Ensuring employees need to run everything through a network administrator (and the relevant anti-malware scanning/prevention methods you use) will result in a significantly reduced risk of a cyber breach.
4. Secure Device Configuration
We've all been guilty of putting off a new patch or update on our computer or mobile device. They can often feel unnecessary, and if you're in the middle of something it's far too easy to hit 'remind me later'.
However, when you're running a business, these updates contain vital patches against the newest and most dangerous methods cyber attackers are using. Putting them off for even a few hours could create a recipe for disaster, so it's imperative that all employees install them at the earliest possible moment.
Scheduling these patches for out-of-office hours can reduce any impact on productivity, but if an update is ever required while staff are working, make sure they're clear on why they can't afford to install it at a later date.
5. User Privileges
While businesses naturally manage the privileges of each staff member when it comes to internal business data, it may not occur so naturally for customer information. If you use a Customer Relationship Management (CRM) tool, consider which of your teams need access to which sections, and whether there are any they wouldn't or shouldn't have access to.
Doing so again mitigates the risk of something going wrong if there is a data breach. If the breach occurs through a user whose access is highly limited, the damage that can be done is contained. Data breaches can and do happen, so keeping what could be lost through each employee to an absolute minimum is well worth the time.
6. Incident Management
When something does go wrong, it's important everyone in your business knows the process, to keep the risk as low as possible. Make sure your cyber-incident management plans are well established, both for your employees and for those in your IT department responsible for responding and recovering.
There are a number of excellent specialists out there who can help prepare your staff and IT team for what to do if something does go wrong. If it does, make sure to log as much information as possible, and be sure to report any criminal incidents to the relevant law enforcement agency.
7. System Monitoring
Establishing automatic systems to alert you when there is any form of unusual activity on your network is vital. It can help catch cyber breaches that a human might not notice immediately, which could stop attackers from having unmonitored access to your data and files.
There are a number of anti-malware and monitoring products that can take care of this for you, so as long as your IT department is well trained in what to look for, you should be able to spot potentially malicious activity as soon as it occurs.
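As an added example of the kind of automatic alerting described above (this is illustrative code, not anything from NimbleFins or a specific monitoring product), the script below runs two simple detections over a few constructed authentication log lines: a burst of failed logins from one source address within a short window, and a successful login outside business hours. The log format, the IP addresses, the user names and the thresholds are all assumptions made for the example; a real deployment would feed the same logic from whatever log source the business actually has.

```python
"""Added example: simple alerting over constructed authentication log lines.

Two detections are implemented, as might be wired into a scheduled job or a
monitoring rule:
  1. brute force: at least FAIL_THRESHOLD failed logins from one source IP
     inside a sliding WINDOW_SECONDS window
  2. off-hours login: a successful login outside BUSINESS_HOURS
A success from an address that was just flagged for brute force is raised
separately, because that is the case a human most needs to look at first.
The log format and every sample line below are constructed for this example.
"""
from collections import defaultdict, deque
from datetime import datetime, time

# Constructed format: "<ISO timestamp> <user> <src_ip> <LOGIN_OK|LOGIN_FAIL>"
SAMPLE_LOG = """\
2024-03-04T09:12:01 alice 10.0.0.5 LOGIN_OK
2024-03-04T09:13:10 bob 203.0.113.9 LOGIN_FAIL
2024-03-04T09:13:12 bob 203.0.113.9 LOGIN_FAIL
2024-03-04T09:13:15 carol 203.0.113.9 LOGIN_FAIL
2024-03-04T09:13:17 dave 203.0.113.9 LOGIN_FAIL
2024-03-04T09:13:20 erin 203.0.113.9 LOGIN_FAIL
2024-03-04T09:13:21 dave 203.0.113.9 LOGIN_OK
2024-03-04T10:00:00 frank 198.51.100.7 LOGIN_FAIL
2024-03-04T22:41:00 alice 10.0.0.5 LOGIN_OK
"""

FAIL_THRESHOLD = 5                      # failures from one IP ...
WINDOW_SECONDS = 60                     # ... within this many seconds
BUSINESS_HOURS = (time(8, 0), time(19, 0))   # assumed office hours


def parse_line(line):
    """Split one constructed log line into (timestamp, user, ip, event)."""
    ts, user, ip, event = line.split()
    return datetime.fromisoformat(ts), user, ip, event


def detect(log_text):
    """Return a list of (alert_type, detail) tuples, in log order."""
    alerts = []
    recent_failures = defaultdict(deque)   # ip -> timestamps of recent failures
    already_flagged = set()                # one brute-force alert per IP
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, user, ip, event = parse_line(raw)
        if event == "LOGIN_FAIL":
            window = recent_failures[ip]
            window.append(ts)
            # drop failures that have aged out of the sliding window
            while window and (ts - window[0]).total_seconds() > WINDOW_SECONDS:
                window.popleft()
            if len(window) >= FAIL_THRESHOLD and ip not in already_flagged:
                already_flagged.add(ip)
                alerts.append(("BRUTE_FORCE", ip))
        elif event == "LOGIN_OK":
            start, end = BUSINESS_HOURS
            if not (start <= ts.time() <= end):
                alerts.append(("OFF_HOURS_LOGIN", f"{user}@{ip}"))
            if ip in already_flagged:
                alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", f"{user}@{ip}"))
    return alerts


if __name__ == "__main__":
    for kind, detail in detect(SAMPLE_LOG):
        print(f"ALERT {kind}: {detail}")
```

Run against the sample lines, this raises three alerts: the brute-force burst from 203.0.113.9, the successful login from that same address a second later, and alice's 22:41 login. The sliding window and the "already flagged" set are the two details that keep this from paging someone once per extra failed attempt, which is what makes an alert like this usable rather than ignored.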
8. Home and Mobile Working
More important now than ever, making sure your staff can still do their job effectively from home is a core part of almost every company's future plans post-COVID. While the flexibility is great for employees (and was required during COVID-related lockdowns and travel restrictions), it does open your business up to some risks it wouldn't face if everyone were in the office.
Training staff on how to implement your cybersecurity policy is just the beginning, as it's your responsibility as much as theirs to ensure it's actually adhered to. While you may not want to monitor your employees' activities 24/7, limiting what they can install on their work devices, restricting the data they can use on personal devices and making sure all computers and mobiles provided by your business come pre-installed with the proper anti-malware are simple ways to avoid a cyber-disaster.
9. Network Security
The most obvious of all: making sure your networks are regularly tested, checked and updated for weaknesses can help to avoid anyone getting in easily. Be sure to test your filters too. Even if an employee does click on a malicious link, there are plenty of ways your networks team can avoid any damage being done, through automatic warnings or even refusing access entirely to suspicious sites.
10. Prioritise Cyber Security
While some staff might find cybersecurity 'boring', it's imperative that they understand why it has become a priority for your business. This starts from the very top, so make sure you've established a clear cyber strategy for how you intend to change and improve your business's cyber defence.
Cybersecurity should be approached with a similar focus to other regulatory, operational or financial risks, given that data breaches can create regulatory, operational or financial problems for you. Creating clear plans and guidelines, implementing training and protocols and transforming your cyber strategy from the top down will help your company get on board as quickly as possible.