Cyber Security – Stay safe and secure with tips from Kalamazoo IT.

Small Business Cyber Security

You don’t need to hire a secret agent to protect your business from cyber threats (but you can help yourself). Simply use these tips, approved by the National Cyber Security Centre at GCHQ.

Download your small business Cyber Security Action Plan

    Policy actions.

    All staff responsible for your overall cyber security policy should:

    □ Spot and keep a record of essential data for regular backups

    □ Establish a password policy

    □ Decide what levels of access your users need, so they can only access the information and systems needed to do their specific job role

    □ Agree which team members need access to USB drives

    □ Register for threat alerts and read local cyber advice, e.g. briefing sheets/threat reports from www.actionfraud.police.uk/signup

    □ Keep a log of approved USB drives and their issued owners. Review this from time to time to check if this ownership is still necessary

    Technical actions.

    Your technical team/service provider is your first line of defence against malware and cyber attacks. They are responsible for the setup of your networks, devices and software, and they can keep your business secure if they:

    □ Turn on your firewall

    □ Activate your anti-virus software (and install if needed)

    □ Restrict access to physical ports for colleagues who don’t need it

    □ Give all staff access to a password manager (there are lots available via the App Store) so they can store their passwords safely

    □ Back up data to a secure platform, e.g. the cloud or a portable hard drive

    □ Arrange automated back-up periods for specific times that complement the needs of your business

    □ Password protect all your available devices. This includes changing default passwords on your internet-enabled devices too, such as PCs, tablets and phones

    □ Activate tracking tools to help locate your devices e.g. Find my iPhone

    □ Enable two-factor authentication for email and other important accounts

    □ Restrict user access to prevent users from downloading third-party apps

    □ Update all devices with the latest software and make sure all updates are automatically scheduled and checked

    □ Encrypt all office equipment using a Trusted Platform Module (TPM), e.g. BitLocker for Windows with a PIN, or FileVault (on macOS)

    Training and awareness actions.

    Raising awareness of cyber threats within your company is one of the greatest ways to reduce the chances of them happening. Your business trainers and those responsible for internal security should:

    □ Give all staff secure physical storage (e.g. a locker, secure pedestal) where they can write down and store passwords

    □ Produce a training plan that you can use to educate all staff on the importance of Cyber Security which:

    □ Explains your ‘Password’ policy and why it must be followed with tips on how to create a non-predictable password

    □ Teaches your teams how to spot obvious phishing signs

    □ Describes how your business operates and how teams should manage requests via email

    □ Gives guidance on Wi-Fi hotspot vulnerabilities and how teams can use alternative options (e.g. VPN/Mobile network)

    Your cyber security is critical to your business. Together with the National Cyber Security Centre we want to help you reduce the chances of your business falling victim to cyber-crime. Follow these easy-to-implement tips to keep your systems secure.