Cyber security checklist for growing businesses

chalkboard checklist - ticks only

No business is too small to suffer from a cyber attack. As you grow, so do the risks.

Most SMEs that suffer cyber attacks end up with a huge bill to pay. For most, that bill can run into the tens of thousands of pounds. The average is £27 500.

The bigger the business, the greater the cost of a cyber breach.

For most medium businesses that suffer cyber attacks, the costs are simply too high. The end result of a breach is the closing of the business.

But protecting your growing business doesn’t have to be an endless chore. Here’s the essential cyber security checklist for businesses on the up:

10 cyber security must-dos for your growing business

1) Conduct a cyber security audit

First thing’s first. It’s time to get to grips with the problem.

Your first step should be a full cyber security audit of the current state of your protections. This will allow you to:

  1. Outline the risks
  2. Identify the threats
  3. See where you are protected
  4. Spot where you need to be more prepared

2) Train your team

It’s sad to say, but it’s the human component that is often responsible for cyber security breaches at most companies.

That’s why your team needs to be trained to understand cyber security basics such as:

  1. Password security and what makes a strong password
  2. How to protect confidential data
  3. What phishing attacks are and how to spot them
  4. How to use email to communicate securely
  5. The need for digital and physical device security

As security threats mutate periodically, you need to update your team training regularly.

3) Implement strong passwords and MFA

MFA stands for multi-factor authentication. This is the kind of cyber security where you need another “factor” – this could be a code sent to your phone, a key card or even a fingerprint scan – something else in addition to a password to prove that you are you in order to log on to your system.

This is one of the best ways to protect your growing company from the pitfalls of weak passwords. At the very least, you should implement a policy of strong passwords. “Qwerty123” just doesn’t cut it any more.

4) Patch and update

One of the most straightforward yet important things you can do to boost your cyber security is to hit “okay” on all of those annoying updates to your OS and applications that you keep putting off.

Older versions of Windows no longer get security updates, so they’re at risk and need to be updated. Most other applications in common use are also subject to regular updates to protect them (and your business if you use them) from the latest threats.

Needless to say, your antivirus is one bit of software that is most in need of regular updates.

5) Put access controls in place

Not everyone in your company needs to be able to access all of the data or have all admin privileges. Making sure that there are set levels of accounts that only allow individual team members the access they actually need to do their job is a solid way to protect your company.

It’s not that your team can’t be trusted with the data. It’s that accidental data releases are much more likely to be prevented, malware much less likely to be installed and security measures deactivated if individual users who don’t need that level of access or control don’t have it.

6) Segment and segregate

As well as segregating your team’s level of access, you should segregate and segment your network itself. A well-designed network architecture is a great barrier to protect against intrusion and also safeguards your most vulnerable data.

7) Institute device security measures

All “work” laptops and other business devices your team uses in – and, especially, outside – the office need to have strong screen locks, proper MFA and disk encryption in place. You should also set up a remote-wipe capability in the case of loss or theft.

If you allow your team to use their own devices, you need to make sure you have sensible policies in place to protect this obvious and often-exploited cyber security loophole.

8) Use layered security

Layered cyber security includes:

  1. Anti-virus and malware protections
  2. Your firewall
  3. An IPS (Intrusion Prevention System)

These multiple levels of protection prevent attacks from getting in. Properly configuring them all usually requires some cyber security expertise. But it’s one of the most important cyber security boxes to tick for any growing company.

9) Back up your data

Backing up your data is something you should do regularly. The location you need to do so should ideally be secure and encrypted and off-site. This protects you against things like physical damage to your premises as well as cyber attacks.

10) Have a plan

What would you do if you had a data breach tomorrow? With a cyber security breach response plan, it’s a no-brainer. You already know exactly what you’re going to do and when.

This should get you back up and running again with little or no downtime. But, like all of the essential cyber security measures in this checklist, it’s something you need to have put in place before disaster strikes.

Need to protect your growing business from cyber threats?

Let’s talk. Dial A Geek already helps nearly 1000 businesses in Bristol and beyond protect themselves and we specialise in fast growing and funded companies.

Set up a commitment-free meeting with Chief Geek Gildas Jones via this booking calendar and discuss just how simple it can be to ensure you have all the right protections in place.