It’s always the big cyber security attacks that steal the headlines, but dig a little deeper and there are everyday stories of hacker-inflicted misery – many of which could have been prevented.
So, if you are increasingly concerned about the threat to your own data and are looking for advice, this guide is for you.
It’s part one of a two-part series reviewing the ‘best of’ the many respected sources of cyber security advice available, with some of our most popular articles included.
The Ascentor blog has always aimed to produce helpful cyber security content, much of it focused on preventative measures. We also regularly share examples of high quality content written by other trusted sources. It seemed logical to bring some of the best examples together.
This month we look at guidance on educating your employees about cyber security, putting the case to the board and sources of advice for small and micro businesses.
But first, here’s some recent research on the causes of attacks. Think it’s all about ransomware? You might be surprised.
The 2017 Cyber Security Breaches Survey
The annual UK Government Cyber Security Breaches Survey measures how well UK businesses approach cyber security, and the level, nature, and impact of cyber attacks on businesses.
It found that just under half (46%) of all businesses identified at least one breach or attack in the last year. The most common types of breaches were by staff receiving fraudulent emails (72% of those who identified a breach or attack), followed by viruses and malware (33%), people impersonating the organisation online (27%) and ransomware (17%).
So, despite the viruses and malware, the human factor and the need for good employee cyber security awareness is as important as ever. Let’s start by looking at your people.
Educating your employees about cyber security
We like this guide from Kaspersky, designed to provide you with tips for educating your employees about cybersecurity. It contains 10 people-related tips, covering social engineering, training employees on how to recognise an attack and what to do if an incident happens. They emphasise that it’s important to train employees on what to do before you have a data breach, not to wait and react.
Similarly, this article from TechRepublic contains 10 tips for helping all employees understand cyber risk and best practices. They take the view that cyber security training shouldn’t be an annual event but that, as with updating hardware or operating systems, you need to consistently update employees on the latest security vulnerabilities and train them on how to recognise and avoid them.
Guidance for the board on cyber security
Any strategy to focus employees’ attention on cyber security awareness will only succeed with support from the board, but research shows that there can be a gap between intention – and action.
The latest Cyber Security Breach Survey 2017 found 74% of directors or senior management saying that cyber security is a high priority but only 20% provided staff with cyber security training – and only 33% had any formal policies in place.
So, to convince the board to take action, we created a new Slideshare presentation called ‘Convince your board: Cyber attack prevention is better than cure’. It covers basic security controls, how to avoid exploitation and links for additional prevention information.
The excellent 10 Steps to Cyber Security from the National Cyber Security Centre (NCSC) also emphasises why protecting your information is a board-level responsibility, and contains a guide to cyber security written for the board.
It also has links to 10 NCSC technical advice sheets you should consider putting in place, including risk management, network security, incident management and home and mobile working.
We believe that every board needs to make a firm commitment to managing information risks – which is why we’ve also produced a practical paper that demystifies Information Risk Management (IRM), helping all members of the board recognise and communicate the risks in business terms. Written for leaders of small and large organisations alike, you can download your copy of The Board’s Guide to Information Risk.
Guidance for small/micro businesses
The Cyber Security Breach Survey 2017 found that over two-fifths (45%) of all micro/small businesses identified a cyber security breach or attack in the last year. But it also found that these smaller businesses were less likely to have cyber security measures in place, such as formal policies or cyber security training for staff.
So, where does the smaller business look for cyber security guidance? We’ve found the following resources:
Let’s start with the UK Government guidance ‘Cyber security: advice for small businesses’. We think this is a good summary of how to keep your business safe online – and the measures you need to put in place. It includes advice on using strong passwords, updating software, staff awareness and training, managing risk, and using the Cyber Essentials scheme to protect against common online threats.
The Cyber Essentials Scheme enables smaller businesses to start implementing basic cyber security measures, and Ascentor offers various routes to Cyber Essentials certification – covered in our Guide to the Cyber Essentials Scheme.
Cyber Essentials also forms part of the small business guidance provided by the Information Commissioner’s Office (ICO). They have produced a useful document covering 10 practical ways to keep your IT systems safe and secure.
This has been a whistle-stop tour of cyber security advice and other articles we feel sure will be of value. But, if there is one piece of advice that sits above everything it’s that prevention is much better than cure. The message within many of these guides is that cyber security controls don’t need to be complex or cutting edge to be effective. Basic measures can defeat the majority of basic attacks – but only if they are put in place.
In part two of this series, we point our lens at ransomware, the insider threat, guidance for suppliers to HM Government and, if you’ve ever wondered what all those cyber security terms mean – we’ll have some of the answers.
For further information
If you’d like to discuss how our consultants could advise on any aspect of cyber security, please contact Dave James at Ascentor.
Email: [email protected]
Office: 01452 881712