At the Cyber Resilience Centre, we recently asked our partners and friends - What cyber security tips and guidance do they share the most at work with their colleagues and with family and friends at home?
This is our huge list of the 11 ways SMEs can stay secure online; whilst working remotely, at home or on the go!
1. Don’t forget the basics!
It’s not a change, but just keep remembering the basics: protect email with a strong (unique) password, use two-factor authentication whenever it’s available, create strong passwords and use a password manager, and make sure patches are applied as soon as they are available – either updating devices yourself or cooperating with your IT administrators so they can act quickly. - Professor Emma Barrett OBE, University of Manchester
2. Think before you click that email!
Employees should always be wary, don’t click the link or download a document without knowing the source is genuine. - Sam, Riskbox
Think before you click, think before you respond to an email that seems too good to be true, too weird, too out of the blue or too panicky. Calm it down, slow it down, apply common sense, think it through, verify what you can, and think before you click. Graham, Irwin Mitchell
If you get an email or DM that promises something which seems too good to be true, it's more than likely to be a scam so don’t click on the link or respond in any way - Kevin, Bergerode
3. Treat your work and personal data with the same care
Employees should treat their work accounts the same way they would their personal online banking and take the time to ensure they practice good digital/cyber hygiene. Hands-Face-Space for covid, stop-challenge-protect for cyber. - Neil Jones, NWCRC
Apply the same rules to themselves as they do for the business – use antivirus, patch regularly, use strong passwords, etc- - Kevin, Bergerode
The cyber threat also exists at home and in your personal life. Take what you learn at work home with you: email safety, phishing awareness, good passwords and using MFA. Be risk aware at home, just as you are risk-aware when driving, crossing the road, or answering the door to a cold caller. - Graham, Irwin Mitchell
4. Introduce a Risk Management Regime and Incident Plan
Cyber security when implemented effectively works as a growth enabler. The easiest change for a business would be introducing a risk management regime, ensuring board-level responsibility in supporting risk management.
While some may see this as a challenge, IT directors/managers in SMEs and CISOs (medium to large organisations) see this as an opportunity to present a business case by conducting organisation-wide IT security health checks. - Harman, Cyphere
If your business hasn't created a cyber incident plan before, we have created an incident pack, which contains documents to help support your business plan its response to a cyber incident. These documents are designed to complement any existing plans or assist you in creating one.