According to the 2015 Information Security Breaches Survey, the Department for Business, Innovation & Skills reported that a staggering 90 per cent of large organisations had experienced some form of cyber breach during the last 12 months.

When reviewing each company’s worst individual security breach, the average cost per firm was between £1.46 million and £3.14 million.

Data for small businesses is much harder to gather, as accurate breach records are not always kept or made available, but the report still highlighted that 74% of firms experienced a security breach in 2014.

For small firms, the average breach cost was £75,000, and the worst breach cost £311,000. Without adequate Cyber Insurance, many small firms would not be financially able to recover from such losses.

All Businesses Need Cyber Protection

Regardless of the size of your business, adequate Cybersecurity and Cyber Insurance provide invaluable protection. To help your business develop thorough cyber risk management, the government has set out 10 beneficial tips:

  1. Keep directors and officers informed of the preventative measures your business is taking to manage cyber attacks. This may include reports detailing current and new initiatives.
  2. Produce a user security policy for your staff that covers the acceptable use of your organisation’s IT systems. Also, establish a general staff training programme on managing cyber risks.
  3. Develop and manage a mobile working policy to protect data outside of the office.
  4. Ensure that any security patches are applied as soon as they become available, and ensure that the configuration of all information communications technology (ICT) systems is secure and maintained. Additionally, create a system inventory and define a baseline for all ICT devices.
  5. Create a security policy for all removable devices and data media, such as thumb drives and external hard drives. Include the requirement that all media be scanned for malware before it is imported onto the business system.
  6. Establish online and cyber account management processes and monitor user activity for potentially hazardous or malicious behaviour. Non-business sites and email use can be a common source of malware.
  7. Develop a cyber incident response procedure and disaster recovery policy. This should include detailed testing of incident management plans.
  8. Create a general employee monitoring strategy to identify potential malware and hazardous online behaviour.
  9. Establish anti-malware defences to protect against viruses and hackers.
  10. Protect your business desktop and laptop computers, together with online networks, against external and internal attacks by managing the network perimeter and filtering out unauthorised access and malicious content.

By implementing these 10 tips, your business will reduce risk and identify any deficiencies in your cyber risk management scheme.

However, the best practice is to carry out a bespoke risk assessment, which is tailored to your own business practices and current systems and processes.
