YorCyberSec / 10 Feb, 2020

The IT security basics

Putting in place appropriate security measures for your business can be confusing, but one thing we can all agree on is the basics, right? But what does that mean, and do we all have the same ideas in mind when talking about this? Sometimes it helps to take a step back from looking at the latest and greatest security software, and remind ourselves to cover the basics first. 

Here are some simple things that all businesses should be doing, in my opinion, in no particular order… 

Network segmentation – Let’s start with getting your corporate network properly set up, by placing systems with different levels of risk into their own network, separated from other systems by firewalls or other filtering devices. For example, if you have web servers facing the Internet to provide services to your customers, they are also at risk of being attacked, so you don’t want your company database housing sensitive data in the same network segment. Similarly, place your users into their own network segment so that a rogue employee can’t get direct access to core systems unless they are authorised to do so. 
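
To make the segmentation idea concrete, here is an added example (not part of the original article) that models three segments behind a default-deny firewall and audits a rule set for paths that undo the separation. The address ranges, ports, zone names and function names are all assumptions made up for the illustration.

```python
import ipaddress

# Constructed address plan for illustration; none of these values are from the article.
ZONES = {
    "dmz": ipaddress.ip_network("10.0.10.0/24"),    # Internet-facing web servers
    "data": ipaddress.ip_network("10.0.20.0/24"),   # company database
    "users": ipaddress.ip_network("10.0.30.0/24"),  # staff workstations
}

# Allow-list of flows between segments: (source, destination, TCP port).
# A port of None means "any port". Everything not listed is dropped.
SEGMENTED = {
    ("internet", "dmz", 443),   # customers reach the web servers
    ("users", "dmz", 443),      # staff use the same front door
    ("dmz", "data", 5432),      # only the web tier talks to the database
}

def zone_of(ip):
    """Map an address to its segment; anything unknown is treated as Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def is_allowed(src_ip, dst_ip, port, policy=SEGMENTED):
    """Decide whether the firewall between segments forwards this connection."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return True  # same segment: the firewall never sees the traffic
    return (src, dst, port) in policy or (src, dst, None) in policy

def audit(policy):
    """List rules that undo the separation described in the paragraph above."""
    findings = []
    for src, dst, port in sorted(policy, key=str):
        if dst == "data" and src != "dmz":
            findings.append((src, dst, port, "direct path to the database segment"))
        elif port is None:
            findings.append((src, dst, port, "any-port rule between segments"))
    return findings

if __name__ == "__main__":
    print(is_allowed("203.0.113.7", "10.0.20.5", 5432))  # Internet -> database
    print(audit(SEGMENTED | {("users", "data", None)}))
```

The `src == dst` branch is the reason the database should not share a segment with the web servers: traffic inside one segment is never filtered at all.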

Anti-malware software – We have had anti-virus installed on our machines for years, but is it keeping pace with modern attacks? For anti-malware software to be effective, it needs to look beyond commodity viruses and incorporate protection against the behaviour of malware, phishing attacks, and endpoint compromises attempted by insiders. Obviously, this needs to be kept up to date regularly, and it needs to be deployed on mobile devices where they present a risk. 

Patching – The bad guys find a hole in the software that runs your systems, and unless you patch it quickly, you could be hacked. Patching is easy to automate on non-business critical systems, and is by far one of the most essential elements to maintaining a more secure and robust network and organisation. This becomes harder with business-critical systems and you may require a test environment to ensure nothing is going to come crashing down when applying a patch, but if you are at this size or stage your IT/InfoSec team or partner should know how to handle this. Critical fixes are released all the time and I hate to think how many organisations are missing these through bad practices. 

Multi-factor authentication (MFA) – Using a simple username/password combination only provides a certain amount of protection, and if people use the same password across different accounts, or store their passwords insecurely, then abusing these credentials becomes more likely. MFA will use an additional method of verifying a genuine logon, these days usually through a code sent to a phone. In most cases businesses can do this for free using services provided by Microsoft, Google or Authy. Do it! It may just save you some embarrassment and money. 

Secure standard build – How do you know your systems are built in a secure manner, every time they are deployed? Having a template secure build process should be part of the standard method of setting up systems before they are allowed to be used in your business. It makes patching easier, makes deployment easier and additionally makes management of devices easier. There are documented standards available online that can be used to create your baseline configuration, and deployment tools can automatically push this to new devices, even including things such as malware protection, firewalls and approved applications. 

Security awareness training – With the mainstream news constantly full of stories of companies being breached (and fined!), investing in training for all staff is key, to embed secure behaviours into daily life. There are some awesome companies out there that offer solutions from fully hosted and managed, to providing the material for staff to read through in their own time. They are cost effective, easy to manage, easy to audit and provide a method of staff improvement and education. 

Backup, backup, backup! – Amazing how many organisations I speak to are not doing this, not even for their business-critical systems and data. Again, usually it can be done at no extra cost using current services, e.g. Office 365 or Google Docs, but if you need a more comprehensive backup solution, then there are plenty of options available at a suitable subscription cost. Just imagine if you lost all company data via either a breach or fire, how would you handle it? 

Incident response plan – If s*** hits the fan do you know who to turn to? Do you know what to do? This does fit in with my other post around “IT Support is NOT Information Security” - give it a read. You need to be confident that the person or people who will be helping know what they are doing. I also recommend that companies run through these plans on a regular basis, to catch any problems before a real incident occurs. 

Auditing and logging – These account for what is happening on the network and on your systems. Are all assets accounted for and in a working/compliant state, and are there any signs of malicious activity? If you have been breached or believe you have, can you investigate? This may require some investment, but the NCSC just released a free solution called LME which is worth looking at for SMEs. Just don’t expect the world, but it’s a good start. 

Policies and procedures – There is no point in having a policy and procedure for every single thing under the sun, and they won’t be effective if they are not practical and suited to the culture and practices of the organisation. Think what is relevant to your business, what will help the company run efficiently, securely and realistically. Don’t just push out policies to staff without consultation, and make sure to check that everyone has understood the policies and why they are in place. Rolling these into the staff training systems mentioned above is recommended. 

Correct access controls – Why does a weekend staff member or a receptionist need access to company/customer or supplier financial and payment details? Why does someone in the sales team need to view staff members’ salaries? Too often I see all staff set up with the same level of access, which creates problems with access to data, and is difficult to undo. Setting up different access profiles for different roles will control this, helps to reduce the likelihood of an insider attack, and makes investigating what has happened if there is a breach more efficient, in theory. 

Most of the above can be done on minimal budgets and it is possible to ‘kill two birds with one stone’ across different steps, so no excuses really. Additionally, they are for the most part essential to ensuring you maintain compliance, whether that is to PCI DSS, ISO 27001, GDPR, NIST or Cyber Essentials. I am sure I have missed some, so feel free to let me know and I will update as appropriate. 

If you want to discuss any points above in more detail just pop by our stand 860 at the Northern Business Expo on 17th/18th March at Manchester Central. It's free to visit, and it's now the biggest business event in the North of England - get your free ticket online now!

 