Cyber security: immediate recommended actions

Cyber Resilience 4th December 2023

Do you know what actions you can take immediately that will reduce your cyber risk? This guide will share 5 areas that we recommend you review today and make changes to improve your cyber security posture.

You’ll find the quick summary at the start to save you time and cut to the key points you need to know. The rest of this blog will give you the details so you understand the importance, as well as help you gain the knowledge you need.

Key takeaways;

  • Everyone is at risk, including not-for-profit/charities.
  • Cyber and information security is not complex, not expensive.
  • There are many types of attacks and threats, but not all of them are external.
  • You cannot ignore cyber risk, you must at minimum assess it to make an informed decision on your next actions.

Cyber risk

Cyber risk is the chance of exposing business information and IT & communication systems to an unauthorised person or circumstances capable of causing loss or damage.

Business information; information that holds meaning, value or significance for your business.

Before you can begin to address cyber risk in your organisation you need to understand this.

The industry standard for assessing IT systems and applications is known globally as the CIA Triad. This is made up of 3 key concepts; Confidentiality, Integrity & Availability.

This is also part of Business Continuity Planning (BCP) and Disaster Recovery (DR) processes.

There are some immediate actions we recommend you take which will reduce your risk;

1. Backup your information & data

Given how much you rely on your business information/data to operate it is critical that you have a backup. You will need this to restore your data after any kind of disaster, including; fire, flood, cyberattack, theft or damage.

  • Identify what data you need to back up and how often.
  • Keep your backup separate (physically and digitally) from your IT systems, consider the cloud
  • Test your backup.

Make backing up data part of your everyday business operations.

2. Protect against cyberattacks

There are many types of cyberattacks, below are some simple checks to reduce the likelihood of an attack.

  • Install (and turn on) antivirus software.
  • Prevent trustees, volunteers or staff from downloading dodgy apps.
  • Keep all your IT equipment and software up to date (patching).
  • Control how USB drives (and memory cards) can be used.
  • Switch on your firewall.

3. Keep smartphones and tablets safe

Agile and remote working is a way of life these days, which means we are more dependent on mobiles and tablets. Security on these devices is often overlooked, below are a few tips to keep these devices secure.

  • Install (and turn on) antivirus software.
  • Prevent trustees, volunteers or staff from downloading dodgy apps.
  • Keep all your IT equipment and software up to date (patching).
  • Control how USB drives (and memory cards) can be used.
  • Switch on your firewall.

4. Use passwords to protect your data

Passwords, are the most talked about and least loved part of everyday life you live in. These are free, easy and effective ways of preventing anyone from accessing your device if they are implemented correctly!

  • Make sure you switch on password protection; password, PIN (6-digit), fingerprint & facial recognition.
  • Avoid using predictable passwords; they should be easy to remember but difficult to guess.
  • Change all default (manufacturer) passwords.
  • Use two-factor authentication (2FA) for ‘important’ accounts, this is an extra “proof” of identity before you can access information. This is a small effort but adds a lot of security.
  • Keep passwords separate, use different passwords for work and personal.

5. Avoid phishing attacks

One of the most prevalent types of cyberattack in the UK. Typically, fake emails are sent to thousands of people in the hope of obtaining your personal information or your money!

  • Know what a phishing scam looks like.
  • Emails from public domain e.g. are not usually used for business emails.
  • Domain is misspelt e.g.
  • Email is poorly written e.g. bad grammar, misspellings etc.
  • Message gives a sense of urgency e.g. suspended service, account locked, suspicious activity on an account etc.
  • Don’t click on that link or open an attachment unless you are sure it is a legitimate email.
  • Don’t give out important information unless you must.
  • Don’t be tempted by those pop-ups.
  • Don’t give your information to an unsecured site; check it starts with “https” and the padlock is visible.

If in any doubt, STOP! Report this to IT and contact the sender directly (do not use contact details in the email) to verify the email.

We hope you have found this guide useful, our team can be reached on 03300 0241666 or should you have questions or want to better understand what your business needs.

Further reading:

Defence, protection, security. We've got you covered.

Whether you need to enhance your approach to cyber threats, overhaul your IT infrastructure or improve your communications, we’re here to help and advise. Talk to a specialist today and take the next step towards being a stronger, more resilient business.

Speak to a specialist

Need support? Take Control.

The button below is to be used when instructed by our technical support team. This will allow a file to be downloaded to your device for them to take control and help solve the issues you are having.

ND Take Control

exe · 7.6MB

Please note: only to be used when instructed by a member of our support team. Windows devices only.