
Taking cyber security seriously

Author: Clare Fleming

20 October 2016

Advice to SME businesses on the risk posed by breaches in security and how to protect against these.

Step A: Assess the risk to your business

The first step in the process is understanding exactly what is meant by personal data.

Companies store a significant amount of it about employees, clients or suppliers, and it can include dates of birth, phone numbers, addresses, email addresses and even medical records.

Individually this data can form a strong starting point for somebody from outside the business to commit a breach.

Step B: Document your policies and procedures to clearly state how you will manage data security and cyber risks

Understanding the scale of the potential problem and its consequences will enable a business owner to determine how to progress; will additional help be needed from an external agency or can you produce a security plan internally that suits your needs?

Developing a document showing the full business impact assessment will enable you to understand what information is obtained, processed, stored, passed to others and ultimately disposed of, as well as identify how to mitigate any breaches that could occur at any of these stages.

Written procedures will give your cyber security plan clarity and a designated approach that can be followed by all employees, including keeping track of regular checks and highlighting areas of progress.

Step C: Consider how valuable, sensitive or confidential the information is and what damage or distress could be caused to individuals if there was a security breach

Having determined the various types of personal data held, the next step is to evaluate the value of that data in terms of whether it is replaceable and how much it would cost to replace it.

There should be assessments of the tolerance senior members of staff have towards risk – low tolerance means that senior members of staff will not tolerate any information being lost at any cost; high tolerance means that information can be lost with little impact.

Step D: With a clear view of the risks you can begin to choose the security measures that are appropriate for your needs

It may be that some levels of protection are already in place but are not being used correctly or may have holes in them.

Weak links in your existing security chain can be determined by a technical assessment such as a penetration test and overcome with physical and/or administrative controls.

To ensure that the introduction of data security procedures goes smoothly, employees should first be made aware of their roles and responsibilities, particularly when a data breach occurs.

The GDPR states that data breaches must be reported within 72 hours, so having a clear plan of action laid out in your management system is essential, along with regular tests to ensure these plans are effective.

Step E: Begin putting the measures in place

At the heart of a successful cyber security plan is cultural adoption.

With the support of all employees, the responsibility is divided, making the tasks smaller and more achievable.

The active support of senior management members is proven to increase the chances of other staff members adopting the processes wholeheartedly.

In addition, a continual flow of incentives, motivation and varied key messages will discourage staff from reverting to old ways.

If this approach can demonstrate the personal impact on staff, these messages will become even stronger.

While the sophistication of attacks is continually increasing, it is the remit of all employees within an SME to protect their business.

With united support, it is possible for cyber security protection processes to become an ingrained mindset to the benefit of SMEs in the future.
