Cyber threats: simple steps to secure your business

Neil Sinclair, National Cyber Lead at the Police Digital Security Centre, sets out the crucial steps every organisation must take to protect itself from cyber threats.


April 2019

How do you get people in your organisation to engage with the dry topic of cyber security? The truth is, people don’t care because they think it’s not their responsibility. Yet this complacency and inertia can have disastrous consequences.

Cyber criminals know this, which is why they like to target people. Perhaps your people.

As the threat to businesses and individuals continues to grow, cyber security focuses on cultural change: raising awareness of ubiquitous cyber security vulnerabilities and helping you develop a more secure workplace culture. There are a handful of simple fixes we should all apply all the time to make life online safer.

  1. Your business must know its level of risk. Make this a priority for the board and senior managers. Know how long the business can be offline before it starts to fail, be it through reputational damage or financial loss. Only then can you build your resilience and recovery plan.
  2. Make sure that everything that touches the internet has the latest software updates installed. Popularly known as ‘patching’, this needs to be done as soon as the update becomes available. Don’t ignore it or postpone it, because that leaves the door open to have your ‘stuff’ stolen.
  3. Bulk up those passwords into passphrases! Make them longer by using three unrelated words and include spaces or symbols; don’t use the same passphrase on more than one account; don’t leave them in plain sight; you shouldn’t have to change a strong passphrase but do adhere to workplace policy.
  4. Have a mobile working policy and don’t let work stuff touch your personal devices. You wouldn’t go into work with a virus, so don’t be tempted to let one get into the network.
  5. Be aware of shoulder-surfers. Don’t enter a passphrase/password in a packed train or coffee house; you have no idea who is watching.
  6. Have a policy to control all access to removable media. Don’t plug that free or found USB stick into the system unless it’s been scanned for malware.
  7. Manage user privileges. Start by giving the minimum access and only add access where there is a clear requirement. Do not use the ‘admin account’ for email or web browsing, because once that account is breached it takes the whole network with it!
  8. DON’T CLICK THAT LINK! If an email or SMS is unexpected, oddly formatted, or generally odd, it probably is. Contact the sender and check its validity. 

A whirlwind guide, but you’ll be safer for it!

Neil Sinclair is National Cyber Lead at the Police Digital Security Centre (incorporating London Digital Security Centre).
