What is your business’s current cyber security set-up like?
If you are like 40% of UK businesses, the answer could be “non-existent”.
Given it’s the 2020s, that’s a pretty shocking statistic. But approaching half of all small and medium businesses have essentially decided to chance it when it comes to their cyber security.
Putting proper cyber security protections in place can be straightforward. It can also be very cost-effective. Especially considering the potential costs of not doing something.
So what are the absolute basics of cyber security you should invest in?
Types of cyber security you can’t skip
1) Multi-Factor Authentication
Sometimes referred to as MFA or 2FA (Two-Factor Authentication), Multi-Factor Authentication is the now almost-standard practice of entering another level of authentication after your initial user name and password.
Sometimes this extra step happens when you receive a text message with a code. Sometimes it’s via an automated phone call or an app.
The vital thing is that even armed with your username and password, someone trying to access your account can’t get in without also having your phone, app or – sometimes – a special key card or key fob.
If this sounds like a potential time-sink, know that you can also use location as a form of authentication. This means you could set your office as a trusted location and skip this step on the devices secured inside.
2) Microsoft Defender 365
For users of Microsoft 365 (if you don’t use this, it’s time to look into it), Defender 365 is a common-sense addition that costs you little and does a lot to protect you from hacking, phishing and other similar threats.
Formerly known as Advanced Threat Protection, Microsoft Defender 365 needs to be configured correctly in order to give you the best results. But armed with it, you’ve taken a solid step towards being cyber security-safe.
3) Staff training
It’s eye-opening to realise how many cyber security threats arise through common mistakes your team might make any day of the week.
The most common example in 2020 and 2021 is making the shift to working from home without proper cyber security protections in place. Team members using their own devices for work or machines from a stash of older laptops and the like are easy prey for malicious actors.
In addition to instituting proper device management, training your team to do things like spot phishing attacks and other basic cyber security practices goes a long way to protecting your business from many of the threats out there.
4) Third-party backups
If you use Microsoft 365 or G Suite, it’s worth bearing in mind that – in the small print – Microsoft at least actively tells you to use third-party backup to store your data.
Being on the cloud is great for collaboration and security. But you absolutely need to put the proper backup in place to protect yourself against everything from active attacks to accidental deletions.
Third-party backup services are available at very affordable rates, so there really isn’t any reason or excuse not to set one up.
5) Cyber Essentials
The Cyber Essentials scheme is backed by the UK government and certification is a necessity if you want to bid for government contracts or partner with all kinds of companies.
The certification covers everything needed in terms of cyber security practices and standards to protect your organisation – and, by extension, those you work with – from all common threats.
If you have some cyber security measures already in place, odds are that you will be close to qualifying. But either way, getting Cyber Essentials certification is a clear signpost to other organisations that you take the matter seriously.
It’s also a straightforward checklist for you to be sure that you’ve correctly invested in all of your basic cyber security bases.
Ready to invest in your own cyber security?
Dial A Geek guides businesses across Bristol and beyond on the road to being properly protected.
Book a commitment-free consultation with Chief Geek Gildas Jones via his booking calendar. Let’s see what your first step on that road should be.ALL ARTICLES