All businesses, big and small, need to ensure that they have processes in place to protect their IT networks and devices from cyber-attacks.
If you’re unsure how to get started with cyber security, here are 10 tips based on advice from the National Cyber Security Centre (NCSC) to help ensure your business is protected online. By following these tips, you’ll be in good company: the cyber-security body, which is part of the Government Communications Headquarters, claims that the majority of companies on the FTSE 350 follow its advice.
1. Have a cyber risk management plan
To help your business identify and avoid cyber security risks, create a cyber risk management programme.
Everyone will need to know how this risk management plan works, including all employees, contractors and suppliers. Your approach will need to evolve alongside changes to technology and the risks faced by businesses.
NFU Mutual’s partner, CyberScout, offers free guidance or can provide a template to assist with risk management planning. Further details on CyberScout’s services and their free helpline for NFU Mutual customers can be found at the end of this article.
2. Ensure 'secure configuration'
Secure configuration refers to security measures that your business should put in place when building and installing computers and network devices.
It’s important to develop a strategy to remove or disable unnecessary functionality from systems, and to quickly fix known vulnerabilities – automated patch management and software update tools are some of the ways to do this.
3. Keep home and remote workers secure
Having people working at home, or remotely, can create new risks such as the loss or theft of devices or sensitive information.
Steps you can take to prevent this include checking that devices encrypt data, which will protect data on the device if it’s lost or stolen, and ensuring staff know how to report any problems.
Putting the right procedure and policies in place is more important than ever with many people currently working at home due to Coronavirus.
4. Be prepared for the worst
Security incidents are all too common. In the 2020 UK Government Cyber Security Breaches Survey, almost half (46%) of businesses had identified cyber security breaches or attacks in the last 12 months.
So, it’s important to prepare for the worst and invest in setting up policies and processes to help manage an incident and reduce its impact.
If your business is a victim of a severe cyber incident, you may wish to contact CyberScout’s free helpline to get advice about next steps and best practices. You should also report it to the NCSC.
5. Protect your business from malicious software
Malicious software, known as malware, includes the likes of viruses and ransomware. In short, it is any code or content that could pose a threat to your IT systems, by disrupting your business, or leading to the loss of sensitive information or data.
It’s vital that all of your employees know how to recognise and protect themselves from malware. You can also put in place robust anti-virus tools on all devices.
6. Manage user privileges
Give users only the minimum level of data access, system privileges and rights needed for their role in order to minimise risk.
This means that if an account is misused or compromised, the impact will not be more severe than it needs to be.
7. Monitor all networks, systems and services
Proper monitoring enables you to assess how systems are being used and whether they’re being attacked.
For example, unusual network traffic – such as connections from unexpected overseas locations – or large data transfers should automatically generate a security alert.
8. Ensure network security
Your systems are vulnerable to attack through connections from your networks to the internet and to other partner networks.
So, make sure your network security is robust. There are many types of network security, including firewalls, email security, and anti-virus software.
9. Control use of USB sticks, mobiles and 'removable media'
Removable media is anything that can be plugged into a computer, from a USB stick to a smartphone or tablet. These can store and transfer a lot of data and information which may be sensitive or confidential.
When using these devices, information can be easily lost – with potential damage to your business’s reputation – or malicious software can be introduced.
So, develop and implement policies and solutions to control and minimise the use of removable media, and ensure everyone knows about these policies.
10. Educate your team
A common theme among many of the tips for robust cyber security is the need to involve and educate everyone in your organisation.
So be sure to establish a security-conscious culture, providing training and ensuring employees feel empowered to report incidents without fear of recrimination.
These are just basic steps to get you started in your journey towards creating a more secure business. But there is much more that you can do.
We have partnered with cyber and privacy experts CyberScout to offer our small business and small farm customers free access to a 24/7 cyber helpline until 31 December 2020.
The helpline provides services such as guidance on managing cyber risks during the Coronavirus outbreak, or support following a cyber incident in your business. Call 0800 069 8203, ensuring you have your NFU Mutual business policy number to hand.
What you need to know
This is a helpline advice service only, provided by CyberScout on behalf of NFU Mutual for customers who do not have a commercial cyber policy and who have an annual turnover of up to £3 million and fewer than ten employees.
When you call, the scope of your cyber query or incident will be assessed in your initial consultation with CyberScout. If the team are unable to resolve your query over the phone, you will receive a full quotation from CyberScout to liaise directly with them and access the full range of services and support available.
It is not an insurance cover, and any additional costs and support are not covered by NFU Mutual, nor are these costs recoverable under your NFU Mutual insurance policy.