How to improve business security - Part 2: Cyber Security
Cyber security is as important as physical security, if not more so, depending on what your business does. Use of computers and mobile devices is essential today, and with this comes the ever-growing risk of hacking, viruses, phishing attacks and data breaches.
General Data Protection Regulations (GDPR) were implemented across the EU in 2018, also addressing the transfer of personal data into and outside Europe.
There are many measures companies can and should take to keep data safe, and this process should start with an audit or review of the information being held and transferred, who is involved and how much access they need. A risk assessment should be carried out in the same way as it would be for the company’s physical security. The company’s business continuity plan should include what to do in case of IT problems, an attack or a data breach.
All companies should have access to expert IT support, either in-house or contracted externally. They will be able to conduct regular reviews, put in place security measures such as firewalls and spam filters, and help with staff training.
Passwords need to be updated regularly and, where possible, a password manager programme can help ensure passwords are secure. It’s easy to get complacent and use the same password across all your accounts. Two-factor authentication should be used where available; it’s a simple process and can make a big difference to security levels.
Not all your employees need the same levels of access to the information the company holds, so accounts should be set up accordingly, giving you greater control and security over the information. It’s also important to delete any ex-employee accounts as soon as possible to prevent sensitive data being accessed.
Follow update reminders for anti-virus and other software, as older versions might not keep you protected. Updating should only take minutes, rather than the hours and potentially thousands of pounds it could cost if you don’t!
And finally, make sure your policies and procedures are all up to date. Do you have privacy policies for use of mobile devices and for staff working from home?