HOW RISK READY ARE YOU?
Your status is: Nearly Ready!
You've taken some steps to protect your business, but have a look and see what else you can do to ensure a data breach doesn't mean lost business, fines or a failed business.
Are you aware of and taking steps to protect your business from cybersecurity risks?
We've all seen the news when there's a major data breach, but there are many more that go unreported. And don't think you are too small to bother with: many of these attacks are automated and just waiting to find that small hole in your defence.
Do all staff understand what a phishing email is and what to do if they receive one?
Phishing emails are sent with malicious intent, in the hope that someone clicks a link or opens an attachment.
This could lead to your accounts being compromised or your data being held to ransom if you're hit with a type of malware called ransomware.
Ensure your staff are trained to spot phishing emails and know what to do if they get one! Make sure you aren't punishing staff who fall for this type of attack. Always report it to Action Fraud, and don't pay the ransom, as you're just funding the criminals to keep on going!
If ransomware or a hardware failure led to lost data, could you restore the data?
It's important to understand that backups are essential. You could be hit by theft, flood, fire, cybercrime, malicious destruction or accidental destruction, and without an up-to-date backup and the ability to restore the data, your business might be in ruins!
Put a plan in place today to ensure your data is backed up, ideally off-site in the cloud, and that you know how to restore the data should you have to.
Do you have any requirements for creating passwords?
Creating and enforcing password requirements is a great way to ensure accounts are harder to hack. Using simple words or something personal to you as a password means that your password could be hacked in seconds.
Use a passphrase, where you put 3 random words together to form a password. This will make passwords stronger and harder to crack. You can also use a password manager to generate and save your passwords for you.
Do you encrypt all personal, sensitive and financial data, especially if it is shared via email or another cloud service?
Encryption is the best way to keep documents secure. Remember that emailing anything isn't secure unless the attachment is password protected with a good passphrase! Never put sensitive information in an email; always use a password-protected attachment.
Are all paper documents stored securely?
We all still have paperwork and we need to ensure it is stored securely where appropriate. If you have to take paperwork out of the office, ensure you take steps to secure it and don't leave it lying around for others to read!
Do all devices require a PIN or passcode to access?
Any device such as a computer, laptop, tablet or mobile phone should have some form of password or PIN protection. You should also ensure you have rules about what people can and can't do with the devices and the data.
You're nearly there, so don't stop now. Think about how you secure your devices and data to better protect your business and the data you process.