Work towards achieving Cyber Essentials Plus and put in place these 7 security measures.
Want more than basic cyber-security protection for your business? If you already have our 9 Steps to combatting cyber-threats in place and you’re Cyber Essentials certified, you’ve made a good start. But if this is all you have, then for proper security there are still a few more steps you can take to safeguard your business. Cyber-crime is a £1 trillion industry for cyber-criminals.
After getting the basic accreditation, you can work towards achieving Cyber Essentials Plus. The process is similar to achieving the basic Cyber Essentials accreditation. The difference is that it deals with security at a higher level and demands that more rigorous policies and practices be in place.
How else can you secure your business?
Cyber Essentials covers a broad range of security topics and so will likely cover most of your basic security needs. But we also have a brief list of some security systems and techniques which are worth looking into. Or, if you’re looking to get the best level of cyber-security, we recommend our CISO service.
ISO 27001 ACCREDITATION
ISO 27001 is an internationally recognised certification you can get which proves your cyber-security is at a high level. It can be used as a compelling point for people to choose your business over competitors.
STAFF SECURITY TRAINING
Employees are often considered to be the weakest link in the cyber-security chain. But with regular training, they can become one of the strongest as they are able to spot and prevent threats.
WARM AND HOT STANDBY
Because of the rising cost of an outage, getting systems back online quickly is vital to stop money burning minute by minute. The rise of virtualisation and the cloud has made disaster recovery and business continuity a much simpler and more cost-effective venture than before. It’s worth considering.
With connectivity being so critical to a firm, it’s essential to have backup network and Internet connections to prevent a failed connection from leaving the firm isolated from clients and the wider world. Multiple firewalls and/or routers are also recommended.
SECURING THE LAN
The LAN has previously been left relatively unprotected but it’s now imperative that you secure the internal network to restrict access from undesirable third parties. You also need to secure any wireless or virtual networks to stop a single breach from creating an open door across the entire firm.
MOBILE DEVICE MANAGEMENT (MDM)
Bring Your Own Device (BYOD) is a popular policy, but it’s also dangerous without the correct measures in place. Procedures need to be set up for when a device is lost or stolen or when an employee leaves the company. Don’t adopt BYOD for the sake of it; do it for an important reason. And if employees do need personal devices, look into Choose Your Own Device (CYOD) as a more secure alternative.
DATA LEAK PROTECTION
In order to implement an effective data leak protection policy, you need to really understand what data you have and the risks you face. Only then can you really begin to implement the correct controls. These will vary from sector to sector but should include things like portable encryption, endpoint protection, email content control and intelligent firewalls.
In short, put in place more than basic cyber-security to stay ahead of the game. Stop those cyber-criminals in their tracks with a good level of protection for your business.
Any questions about either of the Cyber Essentials accreditations? Read our FAQ on the subject.
Get more advice on achieving the best levels of cyber-security – contact our team today.