When it comes to preventing cyber attacks on your business – no matter how big or small your firm may be – it’s vital to have a security plan in place.
The 2014 Information Security Breaches Survey found 81 per cent of large companies had reported some form of security breach, costing each an average of £600,000 to £1.5m.
Writing and implementing a plan need not be daunting and, as part of Humberside Police’s Cyber Security – Has It Clicked? campaign, force experts have put together advice on how to get started.
Superintendent Phillip Ward said: “You need to take a systematic approach to security and the first step towards doing that is to compile and implement an effective security plan.
“This should be reviewed regularly in line with your changing business needs, market conditions and evolving threats.
“Don’t worry about getting it perfect right from the start. Having a good plan in place today, then refining and updating it, is better for your business than waiting until your plan is perfect.
“There’s nothing to stop you refining and updating it.”
There are five steps to formulating and maintaining an effective plan:
Audit – Do an honest appraisal of the skills of you and your team to determine if you require training or outside help.
Identify the assets and information that need protection, including hardware, software, data and documents. What are the threats and risks?
Plan – Write out your strategy for managing these risks and agree a timetable for implementation. Among the things an effective plan should consider are:
- Commitment and buy-in from management
- Establishing an information security policy and information risk management, by giving clear classification to information (internal only, public domain, confidential etc) and assigning responsibility for information assets
- New employees should be vetted and, on commencing employment, should be signed up to non-disclosure agreements and given training around online systems and basic security measures, such as how to spot a phishing email and password security.
- Ensure your software is regularly updated and that you have high standard firewalls in place. Remember, if something is free it’s usually for a reason. It’s prudent to invest in a higher quality security package to get the best protection.
- Network security management and encryption.
- Procedures for testing, identifying, reporting and dealing with any weaknesses in online security.
- Compliance with legal requirements – such as the Data Protection Act – and industry standards for your sector.
Execute – Communicate the plan to staff and arrange training where needed.
Monitor – Keep up to date with the latest threats and ensure you take steps to mitigate them. You could also consider joining the Yorkshire and Humber CiSP – a free service for businesses, providing real-time advice on beating cyber criminals. Ensure your software is regularly updated.
Repeat – Look to review your plan every six to 12 months, or whenever significant changes are made to the business.
For more information, keep checking www.humberside.police.uk, follow @humberbeat #HPcybercrime on Twitter or like the Humberside Police Facebook page.