Cyber-securing your small business
Developing a written programme
Do you store personal information, financial account information or email addresses?
The EU General Data Protection Regulation (GDPR) applies to all companies, whether controllers or processors, that process the personal data of subjects residing in the EU, regardless of the company’s location. Therefore, knowing what information you have and its location is the first step in expediting and lowering the cost of responding to cyber-attacks and data breaches.
Implement physical controls
Patch and update regularly
Deploy cybersecurity software
Employ multiple redundancies for backups
Backing your data up to the cloud is good, but backing it up to air-gapped storage (a storage device that is not connected to the Internet or other networks) is better. Recent ransomware attacks have encrypted networks as well as cloud backups.
To ensure that your business can recover quickly and reduce remediation costs after an attack, employ multiple backups.
Control physical access to your computers and data
Secure Wi-Fi networks
Employ best practices for payment cards
Vet vendors’ cybersecurity
Implement behavioural controls
Cybersecurity professionals routinely warn that employees pose the greatest threat to even the most rigorous cybersecurity programme. Training is the most effective measure you can take to bolster your policies and programme. It’s not sufficient to distribute your policies and ask employees to sign off.
In addition to formal training, consider displaying security posters, encouraging employees to attend free cybersecurity webinars, and regularly educating them about current threats. Consider exercises such as simulated phishing of your own employees to reinforce best security practices.
Address unauthorised devices and shadow IT
HSB's technology solutions
HSB Cyber Insurance provides a computer, data and cyber insurance policy all in one for small and medium-sized businesses.
HSB Computer Insurance provides comprehensive cover for commercial computer hardware, data losses, increased costs, and virus, hacking and denial of service.