We use necessary cookies to make our site work. We'd also like to set optional analytics cookies to help us improve it. Clicking continue will proceed with all cookies and remember your preferences for future visits.
Accept and continue to site
Configure your cookie options

Our use of cookies

We use necessary cookies to make our site work. We'd also like to set optional analytics cookies to help us improve it. These optional cookies can be turned on and off below. Using this tool will set a cookie on your device to remember your preferences.

For more detailed information about the cookies we use, see our Privacy & Cookies Policy.

Necessary cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytics Cookies

We'd like to set Analytics cookies to help us to improve our website by collecting and reporting information on how you use it. The cookies collect information in a way that does not directly identify anyone. For more information on how these cookies work, please see our Privacy & Cookies Policy.

Save & Close

Reduce a Cyberattack - Lower The Risks To Your Business

The amount of cyber-attacks on UK organisations is unfortunately on the rise, with a 2015 Government report stating that 69% of large organisations and 38% of small businesses were attacked by an unauthorised outside in the last year. The average cost of an attack to a large organisation was estimated as being between £1.46m – £3.14m; whilst the average cost to a small business was between £75k – £311k.

Given that the financial implications of a cyber-attack can seriously harm, or even end, a business, here are some expert tips to help you get started with your cyber-security plan.

1. Be proactive

Don’t be the business left picking up the pieces following a cyber-attack due to adopting the attitude of it’ll never happen to me. As with any business continuity plan, you need to prepare in advance in order to minimise any damage and protect your organisation’s finances, customers confidence and brand reputation.

2. Think beyond technology

Whilst technology measures, such as firewalls and security software, are needed it’s important that your organisation manages information security aligned to the ISO 27001 international information security standard. It’s also worth considering appointing a dedicated information security manager to create and then coordinate the roll-out of any policies and processes.

3. Raise security awareness

Many organisations are guilty of neglecting the need to raise staff awareness of cybersecurity, even though employees are often unwittingly major threats to their business. It’s important to train staff to think about, take ownership of, and report any information security threats.

4. Get buy-in from the top

In a worst-case scenario, the first conversation you will have with company stakeholders about cybersecurity will be after an attack, when it’s too late. To help justify information security investment, document the estimated financial impact of IT downtime to your business. If that doesn’t work, it might be worth showing them some recent news stories about high-profile hacks.

5. Build more than one firewall

To make it harder for cybercriminals to reach your system, you should build dual layers of firewalls. This will help protect your core back-end IT services which are not immediately customer-facing, separating them from internet-facing IT services in a demilitarised zone (DMZ). It’s also worth considering two different providers to ensure you don’t suffer from the same security vulnerabilities.

6. Control the use of company equipment

Make sure you have solutions in place that allow your IT team to lockdown staff equipment, monitor their use of the internet, and control what they can download and install. By investing in a mobile device management (MDM) solution, you will be able to enforce policies and remotely wipe devices containing confidential information through the cloud, helping minimise the risk of a security threat.

7. Create a BYOD policy

Whilst allowing staff to use their personal devices in the office might improve morale, it can also leave you vulnerable to a cyber-attack if you haven’t got a bring-your-own-device (BYOD) policy in place. Educate the staff so they know their responsibilities and know what types of corporate data they can access. It’s good practice to ask staff to install antivirus software, too.

8. Manage IT supplier security

If third-party suppliers have access to your sensitive information, such as customer data and commercial plans, how do you know that they will protect it as diligently as you do? The fact is you don’t unless you work closely with your supply chain. To prevent any risk of a breach of confidentiality, consider creating/revising contracts in order to manage information risk.

9. Regularly audit your IT estate

As technology continues to develop and new software arrives on the market at an unprecedented rate, it’s important to regularly review your strategy to make sure it’s up-to-date and your security methods still work. Review all your servers, desktops and equipment to identify anything where contracted support has ceased or is nearing the end of support.

10. Think strategically

Are your firewalls, threat detection and anti-virus measures aligned with one another and with information security processes? Finally, make sure your information security personnel monitor cybersecurity industry trends so that they can try to pre-empt for threats in advance.

Click here to learn more about our cybersecurity solutions