In our first blog post of 2017, we provided you with a set of practical steps which you can take to ensure that the IT security within your business is fit for purpose.
The first five steps looked at how to:
- Review the risks to your business
- Make sure you have the Cyber Essentials
- Protect your data
- Use the cloud
- Futureproof your data.
In this post, we will look at how you can take time to protect the IT security of your business through your employees and documentation.
For further information on the points within this blog post, take a look at the Information Commissioner’s Office’s Practical Guide to Security.
6. Staff Training
How much do your staff really know about IT security? If your employees are working with technology, it is your responsibility to ensure they understand the risks. We all know someone who has clicked a link in an email which claims to be from HMRC, PayPal or another big business. While the click is often nothing more than a case of human error, such links and attachments may contain malware that can seriously damage your IT systems.
Train your staff to recognise threats such as phishing emails and malware and keep up to date with the latest security updates from organisations which are relevant to your business.
7. Be observant
Cyber attacks are getting more sophisticated and convincing, and many people only discover they have been the victim of an attack when it is too late, so it is essential that you and your team are observant at all times. By checking security software messages and running regular vulnerability scans and penetration tests, you will be able to pick up and fix any vulnerabilities before they become serious security risks.
8. Know how to address the risks
In part one of our IT Security blog, we told you how to review the risks to your business. Putting good quality policies in place will make sure that you know how to address these risks. Make sure you document all policies and controls you have in place and highlight any areas which may need improvement.
Every business should have an acceptable-use policy and training materials for staff so that they know and understand the responsibilities they have for data protection and security. If you need any guidance in creating an acceptable-use policy, we can help.
9. Minimise your data
The Data Protection Act states that all personal data should be accurate, up-to-date and kept for no longer than is necessary. Conduct regular reviews of your data and delete anything which you no longer need; this may require the use of specialist software in order to make sure the data is deleted securely.
10. Holding providers to account
The previous nine steps have all been actions which you can take as a business to ensure your IT is secure, but it is important that your IT contractor is doing what they should be, too.
As we place an increasing reliance on technology, it is vital that business owners value and protect their IT, especially as the consequences of insecure systems and information can be very costly.
For more information about IT security, read the Information Commissioner’s Office’s Practical Guide to Security or talk to one of our security experts to find out how Perfect Image can help you improve and maintain the IT security of your business.