Net Defence Black Logo

Cyber Resilience

Protect your business from cyber risk.

View Services

IT Support

Manage your technology infrastructure.

View Services

Telephony

Keep your organisation connected.

View Services

Net Defence

Give your organisation the very best in protection, connectivity & support.
Speak to a specialist today

Take Control

Home / Insights / Cyber security: immediate recommended actions

Cyber security: immediate recommended actions

Profile picture

John Hay

Head of Cyber Resilience

Cyber Resilience 4th December 2023

Cyber security: immediate recommended actions

Do you know what actions you can take immediately that will reduce your cyber risk? This guide will share 5 areas that we recommend you review today and make changes to improve your cyber security posture.

You’ll find the quick summary at the start to save you time and cut to the key points you need to know. The rest of this blog will give you the details so you understand the importance, as well as help you gain the knowledge you need.

Key takeaways;

  • Everyone is at risk, including not-for-profit/charities.
  • Cyber and information security is not complex, not expensive.
  • There are many types of attacks and threats, but not all of them are external.
  • You cannot ignore cyber risk, you must at minimum assess it to make an informed decision on your next actions.

Cyber risk

Cyber risk is the chance of exposing business information and IT & communication systems to an unauthorised person or circumstances capable of causing loss or damage.

Business information; information that holds meaning, value or significance for your business.

Before you can begin to address cyber risk in your organisation you need to understand this.

The industry standard for assessing IT systems and applications is known globally as the CIA Triad. This is made up of 3 key concepts; Confidentiality, Integrity & Availability.

This is also part of Business Continuity Planning (BCP) and Disaster Recovery (DR) processes.

There are some immediate actions we recommend you take which will reduce your risk;

1. Backup your information & data

Given how much you rely on your business information/data to operate it is critical that you have a backup. You will need this to restore your data after any kind of disaster, including; fire, flood, cyberattack, theft or damage.

  • Identify what data you need to back up and how often.
  • Keep your backup separate (physically and digitally) from your IT systems, consider the cloud
  • Test your backup.

Make backing up data part of your everyday business operations.

2. Protect against cyberattacks

There are many types of cyberattacks, below are some simple checks to reduce the likelihood of an attack.

  • Install (and turn on) antivirus software.
  • Prevent trustees, volunteers or staff from downloading dodgy apps.
  • Keep all your IT equipment and software up to date (patching).
  • Control how USB drives (and memory cards) can be used.
  • Switch on your firewall.

3. Keep smartphones and tablets safe

Agile and remote working is a way of life these days, which means we are more dependent on mobiles and tablets. Security on these devices is often overlooked, below are a few tips to keep these devices secure.

  • Install (and turn on) antivirus software.
  • Prevent trustees, volunteers or staff from downloading dodgy apps.
  • Keep all your IT equipment and software up to date (patching).
  • Control how USB drives (and memory cards) can be used.
  • Switch on your firewall.

4. Use passwords to protect your data

Passwords, are the most talked about and least loved part of everyday life you live in. These are free, easy and effective ways of preventing anyone from accessing your device if they are implemented correctly!

  • Make sure you switch on password protection; password, PIN (6-digit), fingerprint & facial recognition.
  • Avoid using predictable passwords; they should be easy to remember but difficult to guess.
  • Change all default (manufacturer) passwords.
  • Use two-factor authentication (2FA) for ‘important’ accounts, this is an extra “proof” of identity before you can access information. This is a small effort but adds a lot of security.
  • Keep passwords separate, use different passwords for work and personal.

5. Avoid phishing attacks

One of the most prevalent types of cyberattack in the UK. Typically, fake emails are sent to thousands of people in the hope of obtaining your personal information or your money!

  • Know what a phishing scam looks like.
  • Emails from public domain e.g. @gmail.com are not usually used for business emails.
  • Domain is misspelt e.g. @micorsft.com.
  • Email is poorly written e.g. bad grammar, misspellings etc.
  • Message gives a sense of urgency e.g. suspended service, account locked, suspicious activity on an account etc.
  • Don’t click on that link or open an attachment unless you are sure it is a legitimate email.
  • Don’t give out important information unless you must.
  • Don’t be tempted by those pop-ups.
  • Don’t give your information to an unsecured site; check it starts with “https” and the padlock is visible.

If in any doubt, STOP! Report this to IT and contact the sender directly (do not use contact details in the email) to verify the email.

We hope you have found this guide useful, our team can be reached on 03300 0241666 or contact@net-defence.co.uk should you have questions or want to better understand what your business needs.

Further reading:

Cyber threat landscape for the legal sector in 2025

Cyber Resilience 14th April 2025

Cyber threat landscape for the legal sector in 2025

The UK legal sector is under increasing threat from both external cybercriminals and internal vulnerabilities. With over 2000 data loss incidents reported in 2024 alone, law firms must act decisively to protect sensitive client information. This blog post explores the evolving threat landscape, including phishing, insider risks, and supply chain attacks, and outlines essential steps to reduce risk.

Read more

ISO 27001 transition: why businesses must meet new requirements before October 31st 2025

Cyber Resilience 26th March 2025

ISO 27001 transition: why businesses must meet new requirements before October 31st 2025

To keep their ISO 27001 certifications, UK businesses will soon need to provide certified evidence that they meet the 2022 standard for information security management.

Read more

Incoming changes to Cyber Essentials and Cyber Essentials Plus requirements

Cyber Resilience 17th January 2025

Incoming changes to Cyber Essentials and Cyber Essentials Plus requirements

From the 28th of April 2025, there will be several requirement changes to the Cyber Essentials and Cyber Essentials Plus certifications. Read on to find out how this may impact your business.

Read more

Yippee-ki-yay cyber criminals!

Cyber Resilience 11th December 2024

Yippee-ki-yay cyber criminals!

Learn how to protect your digital assets from cyber threats, just like John McClane protects Nakatomi Plaza.

Read more

Black Fridays dark side: Shop safe, not sorry

Cyber Resilience 29th November 2024

Black Fridays dark side: Shop safe, not sorry

Black Friday and Cyber Monday have become highlights of the shopping calendar, with consumers worldwide eager to take advantage of discounts and secure the best deals for festive gifts. However, this surge in online purchasing activity has also presented a prime opportunity for scammers.

Read more

Remote working = leaving the door open to cyber threats?

Cyber Resilience 11th November 2024

Remote working = leaving the door open to cyber threats?

Remote work has revolutionised how we work, but it also introduces new cyber security risks. We look at how to protect your remote workers, business, and data from cyber attacks using the essential tips outlined in this blog post.

Read more

Defence, protection, security. We've got you covered.

Whether you need to enhance your approach to cyber threats, overhaul your IT infrastructure or improve your communications, we’re here to help and advise. Talk to a specialist today and take the next step towards being a stronger, more resilient business.

Speak to us today

Need support? Take Control.

The button below is to be used when instructed by our technical support team. This will allow a file to be downloaded to your device for them to take control and help solve the issues you are having.

ND Take Control

exe · 7.68MB

Please note: only to be used when instructed by a member of our support team. Windows devices only.