Net Defence Black Logo

Cyber Resilience

Protect your business from cyber risk.

View Services

IT Support

Manage your technology infrastructure.

View Services

Telephony

Keep your organisation connected.

View Services

Give your organisation the very best in protection, connectivity & support. Speak to a specialist today

Take Control

Home / Insights / Cyber security: immediate recommended actions

Cyber security: immediate recommended actions

Profile picture

John Hay

Head of Cyber Resilience

Cyber Resilience 4th December 2023

Cyber security: immediate recommended actions

Do you know what actions you can take immediately that will reduce your cyber risk? This guide will share 5 areas that we recommend you review today and make changes to improve your cyber security posture.

You’ll find the quick summary at the start to save you time and cut to the key points you need to know. The rest of this blog will give you the details so you understand the importance, as well as help you gain the knowledge you need.

Key takeaways;

  • Everyone is at risk, including not-for-profit/charities.
  • Cyber and information security is not complex, not expensive.
  • There are many types of attacks and threats, but not all of them are external.
  • You cannot ignore cyber risk, you must at minimum assess it to make an informed decision on your next actions.

Cyber risk

Cyber risk is the chance of exposing business information and IT & communication systems to an unauthorised person or circumstances capable of causing loss or damage.

Business information; information that holds meaning, value or significance for your business.

Before you can begin to address cyber risk in your organisation you need to understand this.

The industry standard for assessing IT systems and applications is known globally as the CIA Triad. This is made up of 3 key concepts; Confidentiality, Integrity & Availability.

This is also part of Business Continuity Planning (BCP) and Disaster Recovery (DR) processes.

There are some immediate actions we recommend you take which will reduce your risk;

1. Backup your information & data

Given how much you rely on your business information/data to operate it is critical that you have a backup. You will need this to restore your data after any kind of disaster, including; fire, flood, cyberattack, theft or damage.

  • Identify what data you need to back up and how often.
  • Keep your backup separate (physically and digitally) from your IT systems, consider the cloud
  • Test your backup.

Make backing up data part of your everyday business operations.

2. Protect against cyberattacks

There are many types of cyberattacks, below are some simple checks to reduce the likelihood of an attack.

  • Install (and turn on) antivirus software.
  • Prevent trustees, volunteers or staff from downloading dodgy apps.
  • Keep all your IT equipment and software up to date (patching).
  • Control how USB drives (and memory cards) can be used.
  • Switch on your firewall.

3. Keep smartphones and tablets safe

Agile and remote working is a way of life these days, which means we are more dependent on mobiles and tablets. Security on these devices is often overlooked, below are a few tips to keep these devices secure.

  • Install (and turn on) antivirus software.
  • Prevent trustees, volunteers or staff from downloading dodgy apps.
  • Keep all your IT equipment and software up to date (patching).
  • Control how USB drives (and memory cards) can be used.
  • Switch on your firewall.

4. Use passwords to protect your data

Passwords, are the most talked about and least loved part of everyday life you live in. These are free, easy and effective ways of preventing anyone from accessing your device if they are implemented correctly!

  • Make sure you switch on password protection; password, PIN (6-digit), fingerprint & facial recognition.
  • Avoid using predictable passwords; they should be easy to remember but difficult to guess.
  • Change all default (manufacturer) passwords.
  • Use two-factor authentication (2FA) for ‘important’ accounts, this is an extra “proof” of identity before you can access information. This is a small effort but adds a lot of security.
  • Keep passwords separate, use different passwords for work and personal.

5. Avoid phishing attacks

One of the most prevalent types of cyberattack in the UK. Typically, fake emails are sent to thousands of people in the hope of obtaining your personal information or your money!

  • Know what a phishing scam looks like.
  • Emails from public domain e.g. @gmail.com are not usually used for business emails.
  • Domain is misspelt e.g. @micorsft.com.
  • Email is poorly written e.g. bad grammar, misspellings etc.
  • Message gives a sense of urgency e.g. suspended service, account locked, suspicious activity on an account etc.
  • Don’t click on that link or open an attachment unless you are sure it is a legitimate email.
  • Don’t give out important information unless you must.
  • Don’t be tempted by those pop-ups.
  • Don’t give your information to an unsecured site; check it starts with “https” and the padlock is visible.

If in any doubt, STOP! Report this to IT and contact the sender directly (do not use contact details in the email) to verify the email.

We hope you have found this guide useful, our team can be reached on 03300 0241666 or contact@net-defence.co.uk should you have questions or want to better understand what your business needs.

Further reading:

2023 Cyber trends that are following businesses into 2024

Cyber Resilience 10th April 2024

2023 Cyber trends that are following businesses into 2024

Here is our round up of the cyber security trends and attacks that we believe all businesses need to be on high alert for in 2024.

 

Read more

A call for views on the UK’s Cyber Governance Code Of Practice

Cyber Resilience 5th February 2024

A call for views on the UK’s Cyber Governance Code Of Practice

The Cyber Governance Code of Practice aims to address the ever expanding number of cyber security risks threatening organisations. Let’s take a look at how it works.

 

 

Read more

Cyber Essentials: assurance & opportunities

Cyber Resilience 12th December 2023

Cyber Essentials: assurance & opportunities

In this article, we’ll consider how Cyber Essentials Plus (CE+) can help you to identify and address potential security weaknesses and strengthen your cybersecurity posture.

Read more

Cyber security: immediate recommended actions

Cyber Resilience 4th December 2023

Cyber security: immediate recommended actions

Everyone is at risk when it comes to cyber security. Here are some actions that you can take immediately in order to reduce your cyber risk.

Read more

Unlocking cyber security: navigating CE and CE+

Cyber Resilience 4th November 2023

Unlocking cyber security: navigating CE and CE+

Cybersecurity is critical for your organisation and Cyber Essentials (CE) and Cyber Essentials Plus (CE+) certifications are key. Let’s take a look at the differences between these two certifications and how they can enhance your security stance.

 

Read more

Cyber Insurance

Cyber Resilience 24th October 2023

Cyber Insurance

In this article, we’ll take a look at what cyber insurance is, and how it can protect your business.

Read more

Defence, protection, security. We've got you covered.

Whether you need to enhance your approach to cyber threats, overhaul your IT infrastructure or improve your communications, we’re here to help and advise. Talk to a specialist today and take the next step towards being a stronger, more resilient business.

Speak to a specialist

Need support? Take Control.

The button below is to be used when instructed by our technical support team. This will allow a file to be downloaded to your device for them to take control and help solve the issues you are having.

ND Take Control

exe · 7.6MB

Please note: only to be used when instructed by a member of our support team. Windows devices only.