First of all, an apology up front for stating the obvious. Here goes:
Every business is unique
What might not be quite so obvious, though, is that every business needs a tailor-made cybersecurity plan. One size definitely doesn’t fit all. No two businesses have identical equipment, premises, staff, and services, and no two businesses share identical philosophies and processes, strengths and weaknesses.
Our first task, with every new client, is a cyber risk assessment. We carry out a survey on every aspect of the company’s IT system, and the results will help us to compile a bespoke security plan. Why not take our free, do-it-yourself cybersecurity risk assessment.
As a general rule, employees who have many years’ IT experience will make fewer errors than newbies. Daring to generalise further, I’d say that a teenaged employee will have a more cavalier attitude towards procedure and security. I mean, let’s face it: did any of us follow all the rules and consider every risk at that age?
However well-meaning, hard-working, and intelligent your staff are, they can still do a lot of damage simply by not knowing. Naivety can be disastrous!
- Do your employees know how to identify a potential phishing scam? Would they be able to identify a potentially harmful attachment? Are they aware that these threats are common and dangerous?
- How do your staff treat passwords? Do they disclose passwords to one another? Do they re-use passwords for convenience?
- Do your staff understand that printers, scanners, and photocopiers are vulnerable to cyberattack? That any device with Internet connection provides a way in for hackers?
Management and policies
Okay, now let’s talk about you: the business owner. Company policies are your responsibility to put in place, monitor, and enforce. Do your policies and procedures support cybersecurity?
- If staff use their own devices for work, do you take steps to ensure that company data is protected? Do you have clear rules in place? Do you use Identity and Access Management?
- Do you ensure that passwords are changed routinely?
- Is there a policy in place to protect printed data?
- Is staff training provided?
- Do you have a business continuity plan?
Hardware and Software
Not all IT disasters are down to human error. Equipment needs upkeep and monitoring.
- Has all software received necessary updates?
- Is online connectivity between devices (Internet of Things) checked on a regular basis?
- How old are your computers? Have all required system upgrades been installed?
- Are network security and firewall systems regularly updated and monitored?
- Is your back-up system regularly updated?
Why not take this FREE cyber risk assessment!
Article produced for and on behalf of Fortify247 Ltd by Hazel @ Folio Copywriting