What Is Cyber Security?
You probably read or hear a lot about cyber security. You will see lots in the media about it: newspaper articles about multi-million-pound ransoms, GDPR fines and megabytes of exposed data. But what does it actually mean for your business?
The bad news is that every business is at risk from cybercrime. ESPECIALLY small businesses.
So, every business needs to invest in cyber security. The good news is that it isn’t as complex (or costly) as you might think to get some decent, basic security in place.
A Framework For Cyber Security
Think about your home.
You can identify things you want to protect in your home. These might be expensive items such as jewellery, electronics, or cars. They might be your bank details and access to your accounts. And finally, it’s the people themselves – your family.
In order to protect them, you’ve got things like door locks, window locks, and lights that come on when there is someone approaching the property.
You will possibly have some items that detect if someone tries to break in. An alarm is the obvious thing here. Or you might have a neighbourhood watch group active in your area. If the alarm goes off, you’ll have some sort of response, such as the police, maybe a private security firm. If you’re in the house it may be you!
Finally, if thieves do get in, you’ll have things to help you recover. The most obvious here is insurance.
This thinking can be illustrated like this:
Applying This To Your Business
You can apply the same thinking to cyber security for your business.
Firstly, you’ll identify what you want to protect. This is going to be your data. But you’ll need to understand what data you have. For example, personal data on your clients or employees will need better protection than, say, your weekly tea-making rota!
Then you need to consider how to protect that data. This is where your first set of tools comes in. Things like anti-virus and firewalls try to prevent people getting at your data. Staff training is another useful tool. Even your passwords are there to protect your data.
If someone gets through that protection, then you need something that detects this. This might be a human alert, for example when someone gets a ‘dodgy’ looking email. Or it may be a tool used by your IT provider. You might have something called Endpoint Detection and Response (EDR) which detects attacks on laptops, desktops and servers.
Next you need a response. This might just be an individual deleting an email and informing IT. If an attack has got through, this could be a team that removes the threat and looks to restore your systems.
And finally you need to recover. This is where your backup and disaster recovery come in. Insurance might well be part of this too.
This looks like this:
Make sense? Good.
We can look at these elements individually.
Identify What You’ve Got
It seems like the simple bit – what do you want to protect?
It can be time consuming though, especially if your file structure is not the best.
But having your data sorted, and knowing what you are prioritising to protect and to be able to recover, is your starting point.
Protect, Protect, Protect
Most small businesses focus purely on the Protect element of the framework. This is reasonably sensible. However, it normally means they install Antivirus and hope for the best. THAT is not sensible!
The protect part of the framework benefits from a layered approach.
Let’s continue the analogy with protecting your home. Your next door neighbour has motion-sensor lights, cameras, an alarm, and a guard dog. You on the other hand left this morning and forgot to shut the front door. Who’s getting burgled?
The lights, cameras, alarms etc. are like the layers of protection. They simply make you more difficult to get into. AV on its own is the very, very, very least you should have.
Detect & Respond
Even with the lights, cameras, alarms, and guard dog a determined burglar can still get into your neighbour’s house. It puts off the casual thief, but the professionals might feel there is something worth more of their time inside.
Businesses often forget that with cyber security. They believe if they chuck lots of products (and money) at the Protect element, they’ll be fine.
Quite often a single solution can help with both detect and respond so we’ve put them together.
Backup, backup, backup
People in IT have been talking about backups for years. But we still find people without them. Or with something that just isn’t suitable for them. Let’s just address one thing here: OneDrive, or Google Drive, are NOT an effective backup solution for a business.
Another common issue is that a business has a backup, but no knowledge about how to restore it. And no idea how long it might take. A full system restore can take days. But if you’ve done the ‘identify’ bit you can have the vital data, the stuff you can’t operate without, back in minutes. Even in the event of serious attack, or catastrophic hardware failure, you could be running your business again quickly.
Bringing it All Together
We hope that helps to explain what Cyber Security is. It’s not complicated. Like a lot of things in the world of technology, it’s got a lot of fancy terms and acronyms that make it sound more complex than it is!
The mistake a lot of people make is to focus purely on protection, and never think about the other elements. Nobody can make any business, person or even government 100% safe from cyber attack. This is why there has to be something beyond the protection.
One way to ensure you’ve thought about all of the elements is to achieve the Cyber Essentials standard. Not only does the Cyber Essentials Framework provide a good basis for security in your business, you also get a badge that shows your clients, staff, stakeholders and everyone else that you’re taking cyber security seriously.
How We Can Help
We provide our Managed Service Clients with something called Security Essentials as part of their support package. It’s a basic level of protection. We then start to discuss the other elements of this framework and build their personalised cyber security solution over time as budgets and risk dictate.
Becoming one of our Managed Service Clients starts with a 15-minute video call. In this call we’ll find out what technology you have, discuss your current IT issues and talk about what you need from your technology. There is no obligation to move to a full IT Assessment following this call, and no obligation to buy anything, ever. If you’d rather, you can call us on 0115 8220200 or complete our contact form and we’ll get back to you.