Managing IT responsibilities takes a great deal of focus. There are often competing demands for resources and your attention. No matter what challenges you and your team are facing, there is one area that can never be neglected. Cyber security must remain your top priority in order to keep your business running safely and securely. There are 4 cornerstone ideas that you need to mark in your calendar for quarterly review. If you check in with these cornerstones of cyber security, you’ve got a great chance of protecting your sensitive data and your corporate reputation.
Identify security and cost-based priorities
It’s indisputable that cyber security should be one of the top 3 priorities for your business. It’s also clear that many small businesses have limited resources and may not always be able to dedicate as much of the budget toward it as they’d like. The key here is to review your data and determine which is the most sensitive. Evaluate how your data is currently protected. Is it all grouped together under the same controls, or do you have tiers of security? Flag any data that you think needs higher levels of control and vice versa. The key here is to focus on your return on investment. Which data should be protected to provide the best ROI?
When you realise that you don’t need to protect all of your data equally, you can identify the most sensitive and give it the most protection. Group your data and assign various levels of controls where needed. This will help you protect what’s most valuable while preserving your limited resources. When your budget or time expands, your next group of data should be easily identified for upgraded protections.
If you’re unsure how to group your data, there are various frameworks that exist to provide that guidance. Connecting to an experienced IT support team can also help you navigate the levels of data cyber security.
Conduct detailed vetting of implementation procedures
Installing new devices and configuring new networks can often be a stressful time, particularly if you’re trying to get the job done so downtime is minimised. One vital step that is often missed is to change the default settings on every new device. It’s easy to forget in the rush of going live, but leaving default settings on mass-market devices is like leaving the key in the lock. Common settings and passwords for devices can often be found online with little effort.
What kinds of settings are we talking about? Think about installing a new router in your office. If you’ve picked it up at a local store, it’s likely designed with an untrained end-user in mind. That means set-up and installation are made to be as simple as possible. The password is probably ‘admin’ or even ‘password’. An average domestic user may have little need to change that, but as a corporate user, it simply must be attended to. If your router is hacked using this simple backdoor, then it can act as a gateway to your entire network. At best you can hope to be locked out of your data. At worst you could experience data theft or financial losses. If you’ve inherited an IT set-up, be sure to vet each item and system for default settings as a matter of urgency. This applies to any software as well as hardware.
Get your leadership team on board
While this is becoming easier as management is beginning to see the costs associated with data breaches, many IT departments still don’t have the full backing of their leadership teams. Communicate the cost of breaches to your management and highlight the incoming GDPR regulations. Beyond that, demonstrate to management how budgetary and staffing support can lift the bar from ‘compliance as standard’ to ‘compliance as a minimum’. If you can get vocal and visible support from the top, middle management and staff are far more likely to cooperate with cyber security protocols.
Promote vigilance across all areas
The GDPR is challenging businesses across the UK and EU to review their data security protocols. The new regulatory environment creates a turbulent time as new methods of data protection are implemented. The rapid changes and confusion create opportunities for malicious actors to breach security unnoticed. As regulations tighten, hackers will be forced to become even more deceitful, stealthy and discreet. Be ever vigilant for unauthorised changes in your systems.
Vigilance often means diligence. Regularly review your list of approved contractors and clients. Have you granted system access to new stakeholders? It’s reasonable to contact new partners to ask about their own cyber security practices. If there is a major weakness in their own protocols, or they stop trading due to a cyber-attack, it could affect your own business operations.
Perhaps more importantly, have you ended working relationships with clients or had staff move on? Old clients, former employees and expired contract holders must have all permissions, access and passwords revoked and/or deleted. Exit procedures should be in place, but perform checks within your regular review processes to ensure there’s been a complete revocation of privileges.
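One way to run the revocation check described above during a quarterly review, as an added example that is not part of the original article: it reconciles an account export against leaver and contract-end lists and reports accounts that are still enabled. The CSV column names and all sample rows are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample exports; the column names are assumptions, not a real system's schema.
ACCOUNTS_CSV = """username,owner_email,enabled,groups
asmith,a.smith@example.com,true,finance;vpn
bjones,b.jones@example.com,true,staff
cpatel,c.patel@example.com,false,staff
ext-acme,it@acme.example,true,vpn;sftp
ext-oldco,ops@oldco.example,true,sftp
"""
LEAVERS_CSV = """owner_email,leave_date
a.smith@example.com,2024-03-31
c.patel@example.com,2024-02-15
"""
CONTRACTS_CSV = """owner_email,contract_end
it@acme.example,2025-12-31
ops@oldco.example,2023-11-30
"""

def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def find_stale_access(accounts_csv, leavers_csv, contracts_csv, today):
    """Return (username, reason, groups) for enabled accounts that should be revoked."""
    left = {r["owner_email"].strip().lower(): date.fromisoformat(r["leave_date"])
            for r in _rows(leavers_csv)}
    ended = {r["owner_email"].strip().lower(): date.fromisoformat(r["contract_end"])
             for r in _rows(contracts_csv)}
    findings = []
    for acct in _rows(accounts_csv):
        if acct["enabled"].strip().lower() != "true":
            continue  # already disabled, nothing left to revoke
        owner = acct["owner_email"].strip().lower()
        groups = acct["groups"].split(";")  # access the account still holds
        if owner in left and left[owner] <= today:
            findings.append((acct["username"], f"owner left {left[owner]}", groups))
        elif owner in ended and ended[owner] < today:
            findings.append((acct["username"], f"contract ended {ended[owner]}", groups))
    return findings

if __name__ == "__main__":
    review_day = date(2024, 6, 1)  # constructed review date
    for user, reason, groups in find_stale_access(ACCOUNTS_CSV, LEAVERS_CSV, CONTRACTS_CSV, review_day):
        print(f"REVOKE {user}: {reason}; still in {', '.join(groups)}")
```

An empty result is the evidence that exit procedures were followed; any row is an account to disable and investigate.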
Check in with staff about how they use the IT systems on a daily basis. Over time, insecure practices may develop in the name of efficiency (sending corporate documents to personal email addresses can be a common lapse). It’s understandable that staff need to share information speedily, but make sure that data sharing practices are followed closely. The destruction of outdated sensitive data must also be managed securely rather than quickly.
Pay attention to these 4 cornerstones of cyber security. You will have a far more efficient and effective strategy in place to protect your business.
About EC-MSP, your IT cyber security partner
EC-MSP are one of the most trusted IT support providers in London. If you would like more help, advice and support establishing your IT cyber security protocols or reviewing your current set-up, contact us today to see how we can help.