Welcome to part three of our short blog series on cyber security. If you have missed the earlier blogs please check out part one and part two. In the first two blogs we discussed various small steps you can take to protect your business from a security breach. In this blog we will talk about how to bring these steps together into a cyber security policy.
Why have a cyber security policy?
As reported in our last blog, according to a recent survey by the Department for Business, Innovation and Skills (BIS) 72% of companies where the security policy was poorly understood had staff-related breaches and 28% of the worst breaches were caused by senior management giving insufficient priority to security. These statistics show the importance of having a strong cyber security policy.
The function of a cyber security policy is to inform all staff what to do (and what not to do), and needs to detail what will happen if staff do not follow your policy. It needs to cover the objectives of the policy, why it is important and detail your key security controls. It also needs to state who has issued the policy, who is responsible for maintaining it and who is responsible for enforcing cyber security.
Creating your policy: A step by step guide
A cyber security policy should be tailored to the needs and requirements of your business. It should be issued by senior management who are ultimately responsible for updating and enforcing it. Internal or external experts can provide support to senior management. Clear communication of the importance of effective cyber security systems from those running the business will ensure the subject is taken seriously by staff and that they understand the need for the systems and the consequences of not following the policy. The list below details points to consider and include in your policy. However this is a general list, to be used as a starting point, so some items may not apply to you or you may wish to add further points to tailor it to your business.
Once the policy has been prepared circulate it to all staff and allow space for any questions or issues to be raised. You may also need to organise staff training at this stage, if necessary
It is important to remember that once you have created a cyber security policy and circulated it to staff this is not the end. Your policy needs to be a working document and reviewed regularly to ensure it still meets your business needs. Cyber security risks are constantly changing so your policy and strategies also need to evolve to protect you and your business from security breaches.
Technology is an important part of modern life and has made great advances in the way businesses are run and the reach we have to our customers. However this has not come without downsides, such as online scams, viruses and malware spread via the internet. Our series has detailed some of the small ways in which you can protect your business online, and has hopefully highlighted the importance of simple steps. We hope you have enjoyed our series on cyber security and that you have found it informative and useful to your business.
"DNG provided us with invaluable advice and support as we negotiated our way through a recent MBO. They were super responsive and patient with our never ending questions and queries. I wouldn’t hesitate to recommend their services to other small businesses."
"Halcyon has been with DNG since 2000. In that time they have become an integral part of our business success. Not only do they provide the statutory auditing services but they have become our "Critical Friend" - offering advice and guidance at crucial stages of the Company's evolution and development. It's hard to imagine not having them there.
We are delighted with the quality of service they provide - always professional, always timely and always valued.”
"Jones Wholesale have been clients of DNG’s payroll facility for many years and would not think of changing to any other option. The consistency of service received is extremely reassuring and the staff I have experienced have always been efficient and a pleasure to deal with.
To know that calculations and reports will always be accurate and timely is of paramount importance to me and their knowledge and advice on personnel and tax/benefit matters has proved particularly valuable."
"The British Institute of Non-Destructive Testing (BINDT) has used DNG’s services for over 25 years. DNG are active participants in the day-to-day function of the Institute’s Finance and Accounts department.
BINDT is reassured in the knowledge that the staff at DNG are always on-hand with viable solutions and dependable advice for any financial query passed their way.
DNG provide outstanding payroll and budgeting support to BINDT and are consistent in preparing for and providing a thorough audit of the Institute accounts.
The support and services BINDT receives from DNG are second-to-none."
"iSAMS have been working with DNG since 2008 and they were not only chosen on the basis of their excellent reputation locally but also on their expertise in our particular area of activity.
DNG are our ideal partners and have helped us maximise on the exciting growth our business has seen during its infancy. We particularly value the on-site and personal service provided by the Management Accounting and Systems Support team.
We are more than delighted with the services that they provide and would strongly recommend DNG to any company or individuals seeking very professional and friendly advice."
"Barton Petroleum Ltd have been using DNG’s payroll services for many years now and value highly the confidential and personal service which they deliver. Their speedy and efficient resolution of complex queries is particularly appreciated.
DNG represent excellent value for money at a time when all forms of expenses are under the microscope and I would have no hesitation in recommending them as an outsourced bureau."
"DNG’s approach and conscientious attitude have been invaluable to my business and I could not have done without their expertise. Knowing the payroll for my employees, at the Tattoo Club is in safe hands has allowed me to concentrate on other issues within my business.
I pass on my sincere thanks to them and hope that we will continue our business association well into the future."