A good understanding of cyber security has become one of the ‘must haves’ for all businesses, but when it comes to advice – how do Gloucestershire businesses separate the ‘must-dos’ from the myths?
As part of SoGlos’s on-going #CyberGlos campaign, which celebrates the considerable expertise in the cyber sector in Gloucestershire and supports the county’s business community, we have put together the following article in the hope it dispels some of the commonly held security myths.
Charles Russell Speechlys’ Cheltenham office advises regional, national and international clients ranging from multinational listed companies, government organisations, limited companies and partnerships to entrepreneurs, private individuals and their families. Its dedicated technology team includes experts on data protection and cyber security.
Salus Cyber is a certified provider of world-class cybersecurity services, based in Cheltenham. It helps clients identify and manage their cyber risks proactively and effectively and is the cybersecurity partner of choice for industry-leading organisations throughout the UK and Europe.
The University of Gloucestershire is an integral part of the county’s cyber community. It was the first institution in the country to offer cyber security degree apprenticeships, and its undergraduate and postgraduate programmes are helping to develop specialists in this field.
‘We are too small… nobody would be interested in what we do’ is a common refrain from many small and medium-sized firms when asked about cyber attacks.
Experts will tell you quite the opposite. Smaller businesses often lack the sophisticated software or security team of big firms, making them an easier target for cyber criminals.
If you think your business has strong enough passwords and these alone will deter cyber criminals, think again. Experts now advise ‘two-factor authentication’ as the order of the day. That means a password, and a second ‘identifier’.
Likewise, a single password is not enough to keep a Wi-Fi network secure. Good security is the sum of its parts. At a minimum, staff should use virtual private networks (VPNs) to secure their connections.
If you presume that your business has never been attacked because your security is so good, it is more likely that you have been lucky – so far. Cyber attacks are becoming more and more sophisticated.
Develop a strategy that allows you to react quickly to a security incident, mitigate any damage before it becomes significant and learn.
While keeping up with industry regulations is a must, for your reputation and your security, you should not benchmark yourself against them as a measure of how good your security is.
They often only contribute a bare minimum to your business being safe. Carefully consider whether regulations cover the scope of your data and critical systems.
Don’t put all the responsibility for looking after your business’s cyber security on your IT department.
While the IT department will have the lion’s share of the responsibility, everyone in a business should play their part – not just to detect and deter but to report any suspected breaches too.
Securing internet-facing applications is a must, but they should not be the only focus for your business.
If one of your staff uses a flash drive which contains hidden malware, or plugs in a phone or laptop usually used for personal use, your organisation could also face threats. It is about having a multi-layered approach to security and educating staff.
As good as you might think your third-party security provider is, they are not enough on their own. It is crucial that every business seeks to understand the security risks, develops policies and practices to keep it safe, implements them and reviews them regularly.
If you do not have anti-virus and anti-malware software then you should get some, but do not rely on it to keep your business safe on its own. It will not protect your IT from every cyber risk.
A comprehensive cyber security plan must also include response plans and employee training – and this must be ongoing.
If you have read all of the above and not got it by now, achieving good cyber security is an ongoing process. Just as criminals are developing their methods of attacking your business, so you must continue to adapt, learn and refresh what you do.
Continuously monitor, conduct internal audits, train, review security policies, and embed best practice into your key business processes. Make this part of your company’s culture. It will make your business, your customers and your suppliers safer and help protect your business.
This article is part of SoGlos’s #CyberGlos campaign, supported by Salus Cyber, Charles Russell Speechlys and the University of Gloucestershire, to champion cyber-related business stories in Gloucestershire. Visit soglos.com/cyberglos for more information.
Thursday 07 October 2021