4 easy to follow steps to protect your company’s data this Data Privacy Day

With a 8.1% increase in business growth in the West Midlands region over the last two years, opportunities for cybercriminals to attack have also increased. The average cost of a cyber-attack for micro and small businesses that lost data or assets after breaches was £8,170, this increased to £13,400 for medium to large businesses.

These figures are alarming and rightly so, business owners work extremely hard to run successful companies. The Cyber Resilience Centre for the West Midlands works closely to support and guide businesses across the West Midlands region through the complicated and often treacherous waters of the world of cybercrime.


We exist to help you reduce your business’s cyber related risk and to increase your cyber resilience. We do this by developing your knowledge in key areas so that you can implement basic methods of cyber hygiene. If you left your windows and doors open at night, your risk of burglary is significantly increased. The impact of leaving your website unprotected or not doing regular software updates has the same level of risk, as they are your digital entry points as opposed to physical.


To help you to guard your business from cyber-attacks in the way you would protect your premises against fire and flood, we offer a free membership package. This is not a membership package that puts heavy demand on you, instead it allows you to have the opportunity to have a jargon free 1:1 conversation to help you understand your current business cyber related risks and gives you access to regular simple, easy to follow guidance, tools, and resources.


One area we can work with you on is to improve your policies around data protection and privacy. With a recent report disclosing that of the businesses who took part in the report, only 5% of companies’ folders were properly protected from cyber criminals and that 17% of all sensitive files are accessible to all employees. Acting on these vulnerabilities could significantly reduce the impact of a cyber-attack where hackers gain access to confidential and sensitive information.


With this in mind, when was the last time you checked how your business's data is being used?

Here are 4 steps you can take to keep your businesses data safe:


Step 1: Learn the addresses of your data Often, businesses store data on multiple media types including local storage, disk-based backup systems, cloud solutions, and more. A simple place to start is to understand exactly what lives on each form of technology and in what format it requires its own type of protection.


Step 2: Implement a need-to-know policy To reduce the risk imposed by human error or curiosity, businesses should create policies that limit access to data, meaning only those that require access have access. As a business, you should consider means to track access log entries, so that unpermitted access will not go undetected.


Step 3: Toughen your network security Networks are normally protected by a firewall and antivirus software, but these will not be effective if they are not up-to-date and working within the latest software versions.

Malware is a cyber security threat that mutates daily and as a business, it’s key that your antivirus software is up to date in order to keep up with these mutations.


Bring your own devices has been a rising trend for businesses in recent years, however, the COVID-19 pandemic meant that this wasn’t a trend or choice for many businesses when they were forced to close their business premises. This meant that there were many businesses who had employees using their own devices in order for a business to continue.


As a result, it’s a philosophy that is here for the long run and your business's security policy and processes should include the use of personal devices for business purposes.


Step 4: Don’t hang on to data baggage To proficiently manage data as a business, creating a data lifecycle management plan will help you delete old and obsolete data. Things to consider when doing this are:

  • Identify the data you must protect and identify how long this must be kept for

  • Ensure you are looking at offline and offsite tape back up’s when tidying out your businesses data.

  • Ensure you have an incident response plan in the event a successful cyber-attack takes place.

  • Consider non-digital data such as paper files and hardware files as these can hold out of date data.

  • Securely dispose of hardware that could contain out of date data, this could be photocopiers, scanners, or even outdated voicemail systems.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

 

The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.