With cyber attacks becoming more and more commonplace in the world of SMEs, and attackers often aware of the fact that SMEs are likely to have a lower level of security than large enterprises, the bare minimum is no longer enough.
Nutbourne is an office solutions provider that has been certified under the Cyber Essentials initiative – a government-backed scheme that encourages SMEs to take on the same security practices found at enterprise level.
Patrick Burgess, Technical Director at Nutbourne, has offered his insight on the various ways you can tighten your network security and ensure the safety of all your company’s data. No matter the size of your business, skimping on your network’s security is a mistake you can’t afford to make.
“Educating your staff is one of the simplest and most effective ways to prevent security breaches,” says Patrick. “Making them aware of how breaches occur, how phishing attacks take place and how ransomware manifests are very effective measures.”
Patrick comments on the ease of providing staff with clear guidelines and an understanding of company policy. He goes on to say, “this is especially important for employers who offer flexible working, or companies whose executives work remotely.”
With the current climate of COVID-19 in mind, Patrick emphasises the importance of reminding your team of their responsibilities.
He notes, “with a large percentage of the UK workforce working from home, it wouldn’t be surprising to see a rise in the number of phishing attempts and similar attacks. Making staff aware and encouraging them to be vigilant will help to cut the risk of security breaches.”
Know your systems
Understanding what systems you have and where your data is stored is essential in keeping it secure. Patrick states, “if you don’t know where the data is or what people are using to access it, you have lost before you even start.”
Patrick notes that, whilst useful, cloud systems like Dropbox and OneDrive have their faults: “staff can think they are being clever and efficient by utilising these systems, without realising they are compromising your data by putting it in unknown locations.”
His accompanying advice is as follows: “there are many systems that can run a scan on your network and help you understand what people are using. From this information you can start to work out what policies and systems you need to put in place to protect your data.”
Patrick advises implementing a clear guiding policy that provides the framework governing your IT strategy and dictates the behaviour expected of employees and the practices you expect them to follow.
“Remember, cyber security is about protecting your information. Focus on your information first, rather than the technology you will use to protect it, and you will have a solid base to start from.”
Patrick recommends a framework that keeps your information confidential, protects its integrity and manages its availability.
“You should encrypt your information to make it secure, grant access only to those that need it, and maintain its integrity by checking that it hasn’t been corrupted in any way.”
Audit and test
Patrick advises that once a process is put in place, it needs to be continually reviewed.
“Meet quarterly to look at your systems, your known risks register and at the information you hold. Check that it is up to date, accurate and secure. You need to ask yourself, is everything on here correct? Are the risks still being mitigated?”
Patrick goes on to say, “the more you educate your staff, the better. As per the example above, they will be less likely to start new spreadsheets and create unnecessary information points that create breach risks if they know what the risks are.”
Keep it simple
Patrick advises on an approach revolving around consistency and common sense. This includes clear and simple frameworks, guiding policies and regular evaluation. Also, regular software updates will mitigate 99.9% of security breach risks.
“Remember, a complete overhaul of your IT security is rarely required. Focus on a tune-up. A 1% improvement each week is better than aiming for a 50% improvement overnight because you’ve had a security breach.”