Northampton: 01604 657200    Daventry: 01327 317300

Your accountancy service and financial planning advisor

 

[04.07.2017]

Cyber Security – Part Two

 

Welcome to part two of our short blog series on cyber security. If you missed part one please click here to read our previous blog post.

In a recent survey the Department for Business, Innovation and Skills (BIS) found that 31% of small businesses experienced a staff-related breach in 2015 which was an increase on the previous year. 72% of companies where the security policy was poorly understood had staff-related breaches and 28% of the worst breaches were caused by senior management giving insufficient priority to security. Therefore it is vital that cyber security is viewed as a priority and that this is fully communicated to all staff.

What can you do?

There are various actions you can take to protect your business. Some of which were covered in part one of the blog series and more steps are detailed below:

  • Passwords – Passwords should be used to access your network and it is good practice to use them for each application which carries sensitive or confidential data. Passwords should never be written down and should be changed regularly. It is usually possible to set your system so that it requires the password to be changed at regular intervals. Passwords should never be shared and should be a mixture of lower and uppercase letters and numbers.
  • Disk and Drives – Devices such as DVDs, USB sticks and discs can pose a risk. They can introduce viruses into your computers or be mislaid. Where possible ensure disks and drives are used only on business computers and not on third party computers. If these drives do need to be used in third party computers install anti-virus software on them and scan drives whenever they are used in the office. To protect potentially sensitive data from being lost keep a log of who has possession of drives at any time and check all documents are deleted from them after each use.
  • Mobile Devices – Ensure you use the passcode function on mobile phones for gaining access and apply the setting that automatically locks the device after a certain period of time. It is also important to be aware of the dangers of unencrypted public Wi-Fi. When using public Wi-Fi check the hotspot is genuine, that file sharing is turned off and your firewall is turned on.
  • Devices outside the office – You may have employees working outside of the office using laptops, tablets, mobile phones etc. and these devices also need to be secure. Staff should make sure the devices are always kept on their persons or locked away out of sight, for example in a car boot, and are not left out in plain sight. Devices should never be left in a vehicle overnight. You should have the facility to remote wipe a device should it be lost or stolen. Many newer devices have this feature inbuilt although software can be installed to older devices to add this function.
  • Banking – Your bank will never ask for your PIN number or password. There are no exceptions to this, regardless of how genuine the fraudsters may appear. If you have any doubts end the communication and contact your bank directly, using your usual contact number or the details printed on your bank statement or card.

Summary

The message of this blog series is that cyber security doesn’t always have to be complicated or expensive. There are small steps you can take to protect your business from a security breach, in addition to security software. The message is to take a moment to stop and think – we are all busy but not making security a priority can leave us vulnerable to a cyber security breach.

For more information on this subject the ICAEW offer a 10 step guide on cyber security for smaller firms and the Government essentials guide is also useful. Get Safe Online is also a leading source of information and resources on online safety.

Check back next week for part three of our cyber security series, where we will discuss implementing a cyber security policy for your business.

Andrew Picker

 

 

Leave a comment

 

 

Comments left on this post

 

 

 

Next Previous