What do we mean by Cyber Security?
Cyber security, also known as computer security or IT security, is the protection of computer systems from theft and damage to hardware, software or information, as well as from disruption or misdirection of services provided.
Why is this important?
Effective cyber security reduces the risk of cyber-attacks and protects organisations and individuals from the unauthorised exploitations of systems, networks and technologies.
More and more data are now being stored about individuals, not only on local hard drives but also in cyberspace or as it’s now more commonly known ‘the cloud’. All Internet-facing organisations are at risk of attack. And with a hacker attack on average every 39 seconds it’s not so much a question of if you’ll be attacked but when.
As a business owner it is your duty to ensure that any data you hold about an individual is protected as far as is reasonably possible, the consequences of not doing so could mean heavy fines or worse still, the loss of your business and reputation.
So, what can you do about this?
- Take stock of what data you hold. Is it personal about individuals? Date of birth, card details or addresses? Do you have permission to hold this data? Are you registered with ICO?
- Where is it held? On your own server or somewhere else? Find out who holds the data and what protection they have for it.
- Make sure your firewalls and anti-virus software is up-to-date and keep it that way. Regular updates, preferably automatic to make sure no cyber-attacks can get to you.
- Know your customers and suppliers, check who you are dealing with, are they genuine. Simple Google searches will reveal plenty.
- Make sure you have a plan for when a cyber-attack occurs, as it will at some point in the future. Regular back-ups, held remotely and securely, a procedure to follow to notify staff, customers and suppliers to ensure any damage is limited and proportional
- Be ready and be vigilant, make sure your staff know how to recognise an attack, and what to do about it. Don’t punish staff if they get caught out, that only discourages reporting.
Further support can be found on the National Cyber Security Centre Guidance website.