Our advice on how to build a cybersecurity plan is essential for any modern day business, with data security seen as the number one threat to all businesses.

The rise of ransomware, hacker groups and bored kids hacking networks for fun from their bedrooms, security has taken centerstage for all of us in this modern era.

Let’s not forget the financial implications of a breach of security and the possible loss of customer data, fines and losses for these breaches are up to £2mil+. The larger the business, the larger the fine! With this in mind, we believe all SME’s should look at building security into everything they do. In addition, planning now on how you would deal with being hacked may mitigate the effects of the attack and help your business survive. Keeping your business safe from cyber criminals is easier than you think. By drawing up a cybersecurity strategy now, you can protect your systems, data and clients from attacks and data breaches. Most of the steps we plan to highlight are quick and cheap to implement; however, they are very effective. A cybersecurity plan can mean the difference between financial ruin and success. Globally cybercrime is on the rise, and attacks such as Ransomware are becoming more and more popular although not talked about within the press. As a whole, hacks and attacks have risen 22 per cent year-on-year. In the UK, online crime costs firms around £1 billion and is ranked as one of the top five global threats. Whilst trading online or using internet tools can never be entirely safe, having a cybersecurity plan is effectively the same as locking the windows and doors.

How to build a cybersecurity plan

The first step is to understand what it is exacting you are protecting? You have to understand what data it is that you are storing and what information is contains. Retaining data not required for indefinite periods maximises the effects of a breach and unnecessarily compounds the impact of a breach.

A password policy should be set which encourages users to reset their password frequently, and users should be encouraged never to share passwords. Individual usernames and passwords should be created for systems, instead of generic and common accounts. Studies have shown that where users share passwords, the risk of a breach is increased by 27 per cent.

Security should be ever present

Within small and growing businesses, security is often overlooked or is the last thing on owners minds. However, security is critical.

Update regularly

Ensure that PCs and applications are updated regularly and that no devices or systems are excluded. Most manufacturers invest a lot of money to keep ahead of hackers, so applying those updates maximises their investment in keeping you safe.

Next, with updates taken care of, the next vunerability are people and social engineering. Staff should be trained not to pick up those USB sticks in the car park, or click on the attachments\links in emails from people they don’t know and they should be trained to spot phishing attacks. Financial or company information should never be disclosed without a series of agreed checks being carried out beforehand.

“Ransomware is more about manipulating vulnerabilities in human psychology than the adversary’s technological sophistication.” James Scott, Sr. Fellow, Institute for Critical Infrastructure Technology

How to deal with a cyber attack

In the event that you are comprised, or being held to ransom, liaise with IT department as soon as possible. If you don’t specialised IT team to deal with these matters, then bring in a trusted IT Services Provider asap. Alternatively call your insurer, a good insurer will help you resolve the breach with access to experts both legal and technical.

Work this out in advance, plan for it in advance and stick to the plan. By having a plan worked out in advance, you minimise delays discussing what to do next, how did happen and other things which can be discussed and assessed after the breach has been resolved.

As the scouts say, be prepared – “Forewarned is forearmed.”

Here are six (6) disturbing Cybersecurity facts for 2016 which everyone should know

98% of web apps tested are vulnerable to attack 90% of large firms reported a security breach of some description 75% of director spoken to were not aware of their own cyber security plan! 93% of Data Proctection breaches were caused by human error Online banking continues to increase 48% year on year There been a 144% increase in successful cyber security attacks on SME’s

Fdsacts provided by itGovernance.co.uk (https://www.itgovernance.co.uk/blog/6-truly-shocking-cyber-security-statistics)

Article inspired by https://www.theguardian.com/hiscox-partner-zone/2016/dec/22/how-to-create-a-cybersecurity-strategy