Your cyber risk toolkit

Proactive management of cyber risk in your business is the best insurance of all. There are some simple steps you can take to mitigate cyber loss. Our toolbox below provides some tips to proactively manage these risks.

Top 5 Cyber security tips

1. Run a mock data loss exercise and talk with an IT professional about performing a vulnerability test.

2. Upskill staff on managing cyber risk. Your staff are your best line of defence but can also be your weakest link.

3. Data recovery is just as important as data backup. Have a plan so you can use your data once you recover it from backup.

4. Update your devices and your virus protection software. Out-of-date software is like leaving your house unlocked.

5. Use complex passwords, like a sentence with a mix of numbers and characters.

Be prepared - not surprised

All businesses, whether large or small, face increasing volumes of hacking attempts, malware, and other targeted attacks. In addition to malicious attempts, there is also risk from simple human error or hardware failure - for example an employee accidentally emailing confidential information, or a power surge causing damage to crucial data. Know your risks in advance and take steps to manage them.

Cyber security tips

To ensure all devices and computers meet a strong password protection level you should:

  • Encourage your staff to use a sentence as their password. The lyrics from your favourite song are easy to remember.
  • Use a mixture of upper and lower case, numbers, and special characters, such as Herec0mesthesun2345! The most common password in the world is password123, so we suggest you think of something a bit different.
  • Keep your password private.
  • Investigate a professional service such as 'LastPass' if you must store passwords in some form. Never keep a list of passwords in unlocked documents.
  • Change your password regularly, especially if you suspect someone else has been using it.

Backing up your data is only worthwhile if your business can recover and use it. To ensure your business is up and running as quickly as possible:

  • Have a robust automated off-site backup process that isn't a colleague taking a hard-drive home each night.
  • Make sure that backups are supported by an effective data recovery procedure. Too many businesses have a backup but no way of recovering the data.
  • Run a data recovery drill to make sure it works before you need it.
  • Discuss with your suppliers the lead times involved in getting hardware (e.g. servers and computers) delivered, and how long it will take to set up and configure your mission-critical software.
  • Ensure your IT provider commits to the lead times discussed with a service level agreement.
  • Use recovery software such as StorageCraft so that you can restore data and software to the state they were in prior to the loss. These types of software can also allow you to restore from a specific point in time.

Limit the volume of cyber security weak spots that connected devices represent by:

  • Only allowing authorised devices (computers, mobile phones, laptops, tablets etc.) to be used for business purposes and accessing emails.
  • Maintaining close control of devices that staff take home or that can get lost. Ensure that, if a device is lost, its data is protected by a password or encryption.
  • Activating GPS tracking if this functionality is available on the device.
  • Using the manufacturer's security settings to lock devices, find devices or remotely wipe data.
  • Setting portable devices to wipe their data by default if an incorrect password is entered a significant number of consecutive times, such as 10 or more.

Surprisingly, lots of businesses have open Wi-Fi networks. While that's great for both staff and customers, it provides an opportunity for hackers to access your information. To protect your business and data:

  • Restrict access to your company Wi-Fi network. Lock it up immediately.
  • Do not allow staff to log in to wireless or wired networks with personal devices, including portable storage devices such as USB sticks.
  • Set up a separate wireless device and network if you want to provide free Wi-Fi to staff or customers.

Everyone within your business is responsible for protecting the integrity and security of your business and customer information. They should be familiar with your cyber security policies, processes, and training requirements.

  • Ensure the data protection policy is updated and then shared internally regularly.
  • Have a senior manager responsible for compliance and data protection.
  • Best practice is to encrypt all client data and commercially sensitive information. In the event of a breach, this means that the data will be unusable to other parties.
  • If you do not have an in-house technician, ensure you have a strong relationship with your IT provider. Make them aware of your internal systems and requirements so that they can ensure the software and hardware can achieve this.
  • When staff leave the organisation, have a formal process and checklist for removing all access to email, web-based applications and login credentials to internal software.

Most businesses have a disaster recovery plan in place for physical losses caused by fire and other events. These are now being adapted for the very real risk to technology and data. It is important to:

  • Amend disaster recovery plans to include steps to restore critical information and services to get the business up and running as quickly as possible.
  • Ensure you have a plan that contemplates the format of your data and your important software applications, including data backup.
  • Run disaster recovery and restoration drills - better to have a handle on it and have confidence now rather than when the worst happens.

Disclaimer
This advice is a guide only and is not intended to be specific advice for every business. It is not an exhaustive list of the steps you should consider to reduce the risk of damage and loss. Every industry and business is different, and each will have its own specific risks.