IT Security – a Strategy not just a Sticking Plaster

Occasionally, you may need to complete a form to demonstrate your company’s commitment to IT security. We frequently assist clients with this requirement, particularly common among FCA regulated businesses.

Whilst completing the form is pretty straightforward, it can feel like it’s a sticking plaster rather than a strategy.

What do we mean by that?

Rather than just ticking boxes to confirm policies are in place, what about stepping back and really looking at your business?

Is the company serious about IT and data security, and what would that look like?

Here are some things to think about:

All staff have regular IT security training – regular testing typically involves embedding training, often through mock phishing emails

Passwords – do you have protocols to force regular password updating? Do you make sure all staff use a secure password storage app such as LastPass, rather than their browser?

Is multi-factor authentication set up for all devices to ensure users are trusted before accessing systems?

Data access – are controls in place to ensure all users only have access the information they need to carry out their duties effectively?

Data control – do you have the protocols in place to enable you to track all of your data. Where it’s filed, when it was edited and by who?

Penetration testing – we work with a trusted partner who can ethically “hack” your business/systems to test how easy it is to get through your existing security measures

Patch management – do you have a process in place to ensure all machines are regularly updated with patches for all software and operating systems? Do you spot check that to make sure it happens?

Anti-virus software – do you have this installed on all desktops and laptops?

Restore of backups – to ensure backups are effective and can be used if needed. It’s always best to test this when everything is working effectively, not wait until there is a disaster

Lock screen – is this set up for all devices to ensure data is secure if a user leaves the device unattended for a period of time?

Storage of company devices – leaving laptops under chairs when in a bar, or on the back seat of a car, is just an invitation. All devices should be stored away from prying eyes and secured to reduce the risk of theft.

Taking out insurance to protect against ransomware attacks and phishing may also be worth you considering.

You can control many of the protocols and considerations we’ve shared through the Microsoft 365 portal.

You can establish parameters across the company or delve into specifics based on the nature of work in each department.

Making IT security a true strategy in your business is not going to make it 100% risk free – there’s no such thing. However, it will significantly reduce the risk, and keep the compliance bods happy. And just as important – it will help you sleep at night!

Additional peace of mind can also be achieved through security accreditation. We have achieved the Cyber Essentials Plus certification, and going through that process was a good exercise in reflecting on what’s really in place across the business.

And, on that subject, why don’t we help you lift the bonnet on what needs fixing in your business?

We offer an in-depth IT security audit where we identify the specific risks for your business together with our recommendations. Please let us know if you would like to arrange this – 01784 437 123.