The IT security that most organisations have in place is woefully inadequate.
As we provide IT services, you are probably thinking “you would say that”. However, that doesn’t make it any less true.
Consider a recent study carried out by Beaming on cyber crime which found that in 2019:
- 1.5 million UK businesses fell victim to cyber crime
- This equates to 25% of all UK businesses
- This number has increased by 92% since 2015
If 1 in 4 UK businesses has already been a victim of cyber crime and the number is going up, the question is: how likely is it that the remaining businesses will get hit in the future? Without sufficient security in place, the answer is very likely indeed.
The costs of poor IT security can be immense. The same study found that the cost of cyber crime to UK businesses totalled 13 billion in 2019 alone. Numbers like these can have a devastating impact on revenue and productivity and, at worst, can spell the end of many businesses.
In this unprecedented year where organisations have been forced to use technology to interact and collaborate remotely rather than in person, our reliance on IT to “get the job done” has never been higher.
If so many organisations are doing IT security wrong, the assumption is that it must be some kind of “black art” that only the uber-technical among us understand.
Although a certain level of technical knowledge is required, it is possible for any business to achieve a good baseline level of security. And there aren’t many grey areas either. In fact, there are clear guidelines on the difference between “good” and “bad” security. There are even entire standards like ISO 27001 which clearly define these.
6 Steps to improve your IT security
If you want to start improving your IT security right away, here are the areas you need to look into:
- Passwords and accounts – Implement a password policy that enforces strong passwords (more than 8 characters, minimum 3 different character types i.e. upper, lower, symbol), requires them to be changed on a regular basis and locks users out after a certain number of wrong attempts.
- Device security – Keep devices up to date – make sure you have the latest operating systems (e.g. Windows 10) and the latest updates on all devices. Enable encryption in case of theft. Enforce strong passwords for laptops and passcodes for mobile phones. For more information see our blog on how to secure your devices.
- Site security – Make sure there is physical security in place at your premises, including CCTV and access control to the building, and keycodes and/or locks to protect servers and rooms where sensitive data is held.
- Network security – Make sure your network is protected by a modern firewall, check that all machines have up-to-date anti-virus, and protect files by restricting access to only the minimum files, folders and permissions people need to do their job.
- Email security – Consider putting in an email filter to stop spam and malware, an email archiver to “backup” your email server and enable MFA (Multi Factor Authentication) – i.e. using a password and a code generated from an app to log in.
- People security – People will often be the weak link in your security chain. Make sure you have a clear set of IT policies, that staff understand these and are regularly trained on them, and that you carry out regular testing, such as third party penetration testing, to ensure your IT systems remain secure.
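As an illustration of the “Passwords and accounts” step, here is a minimal Python sketch of the policy it describes; it is an added example, not part of the original article. The lockout threshold, lockout period and maximum password age are assumed values (the article gives no figures), digits are counted as a fourth character type as an assumption, and the `Account` class and function names are hypothetical.

```python
from __future__ import annotations
import string
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed values: the article gives no figures for these three settings.
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_PERIOD = timedelta(minutes=15)
MAX_PASSWORD_AGE = timedelta(days=90)

def complexity_problems(password: str) -> list[str]:
    """Apply the article's rule: more than 8 characters, at least 3 character types."""
    types_used = sum([
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),  # digits as a type: assumption
        any(c in string.punctuation for c in password),
    ])
    problems = []
    if len(password) <= 8:
        problems.append("must be longer than 8 characters")
    if types_used < 3:
        problems.append("must use at least 3 character types")
    return problems

@dataclass
class Account:
    password_set_at: datetime
    failed_attempts: int = 0
    locked_until: datetime | None = None

    def is_locked(self, now: datetime) -> bool:
        return self.locked_until is not None and now < self.locked_until

    def record_login(self, success: bool, now: datetime) -> str:
        if self.is_locked(now):
            return "locked"  # reject even a correct password while locked out
        if success:
            self.failed_attempts = 0
            # A valid login with an over-age password must trigger a change.
            expired = now - self.password_set_at > MAX_PASSWORD_AGE
            return "expired" if expired else "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
            self.locked_until = now + LOCKOUT_PERIOD
            self.failed_attempts = 0
            return "locked"
        return "failed"
```
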
This is only the start of putting excellent security in place for your business but by carrying out the above, your organisation will already be ahead of 90% of companies. This small investment in time could literally save your business.