Guide to Cyber Security for small businesses and consumers
Posted: 25th July 2016
Gloucestershire WiRE Network recently hosted the local Police Cyber Security Officer.
As an area of growing importance to businesses, large or small, Cynthia Crawshaw (the Network Leader) has forwarded information from the meeting to help inform other WiRE Members.
The key messages from the meeting were:
- Don’t be fearful but take responsibility for your own businesses and not rely on the police or banks
- Remain vigilant at all times as the cyber threat comes in all shapes and guises!!!
- Smartphones is a key area – where many people do not having any form of anti-virus ‘protection’
- Password management is a big issue, the officer recommends software for this and ideally 12 digit passwords for key info
- Business Continuity Plan for businesses (even if we are one woman operations) consider what happens if your business is attacked or held to ransom as per the latest viruses.
- Lastly and an issue which will be of high importance to WiRE members is the 2018 change to Data Protection (Preparing for the GDPR – 12 steps to take now)
Please scroll down for links and an overview of the Cyber Essentials Scheme.
A GUIDE TO STAYING SAFE When You Bank or Shop Online
SMALL BUSINESS REPUTATION & THE CYBER RISK Report and advice from Cyber Streetwise & KPMG
CYBER ESSENTIALS Security Guidance for Businesses
MOBILE DEVICE SECURITY A buyer’s guide to choosing and using mobile devices
CYBER LIABILTY INSURANCE 10 reasons to buy cyber liability insurance
USEFUL LINKS For cyber security information
Home Security Survey
What to do if your business has been affected by Cyber Crime (Gloucestershire Police)
Staying safe online
Get Safe Online Website
Cyber Streetwise Website
Overview of the government’s Cyber Essentials schemes, which has been introduced in the last few years to help organisations protect themselves against common cyber attacks and offer the opportunity to acquire a Cyber Essentials certification badge.
It’s good practice here to help prevent those opportunistic attacks. Cyber Essentials’ 10 Steps to Cyber Security are:
- Information risk management regime Assess the risks to your organisation’s information assets with the same focus as you would for other risks such as legal, regulatory, and operational threats.
- Secure configuration Remove or disable unnecessary functionality from your IT systems, and keep them patched against known vulnerabilities.
- Network security Monitor traffic for unusual or malicious incoming and outgoing activity that could indicate an attack (or attempted attack).
- Manage user privileges All users of your IT systems should only be provided with the user privileges that they need to do their job.
- User education and awareness Produce user security policies that describe acceptable and secure use of your business’s systems.
- Incident management Establish an incident response and disaster recovery capability that addresses the full range of incidents that can occur.
- Malware prevention Produce policies that directly address the business processes (such as email, web browsing, removable media and personally owned devices) that are vulnerable to malware.
- Monitoring Establish a monitoring strategy and develop supporting policies, taking into account previous security incidents and attacks, and your company’s incident management policies.
- Removable media controls Produce policies that control the use of removable media – such as memory sticks – for the import and export of information.
- Home and mobile working Train mobile users in the secure use of their mobile devices for locations they will be working from.