The whole cyber security thing can be daunting and overwhelming and it can seem expensive, but it is a real problem that should be continuously addressed. Left ignored, it’s only going to bite you and your business in the bum, both financially, reputationally and emotionally.

This article isn’t to talk about sophisticated firewalls, Cyber Essentials, penetration testing or MFA (Multi-Factor Authentication) or any of those things. They all offer a lot of value and security (especially MFA), but before considering any of those, we need to start with the basics. Without the basics, it’s like having a locked gate to your business but no fence.

Passwords – Strengthen your password, today! You should be looking at a password of at least 15 characters long (yes, 15), it should be easy to type, easy to remember but hard to guess. But  do not panic! You should no longer think of your password as a pass-WORD, now think of it as a pass-PHRASE. Suddenly 15 characters won’t seem so bad and because of the techniques that cyber criminals use, password length is now more important than password complexity. Here are a few example passphrases – It’s3.1milestoTesco or 15Daffodilsinavaseonfridge, Imustrememberttofeedour2dogs. The cherry on the cake is that with a passphrase >15 characters, you can safely turn off the expiry of passwords on your system.

Updates – At any and every opportunity, install your software updates. It could be before you go to lunch, at the end of the business day leaving it overnight to update, or when you’re doing a job that doesn’t require your computer. And it doesn’t just apply to your computer either, if your smartphone has access to company data (like e-mails), check for updates on there too. The most compelling reason to go to the effort of installing these updates is security. Software vendors are really good in that as soon as they’re aware of a security hole in their product, they make available a software patch to fix that security hole so that it cannot be exploited. There are lots of other benefits too to having the latest updates installed which I’ll go into more detail in a separate blog, but giving you the short version, you’ll get the latest software features, hassle free installation of new software, bug fixes and a full reboot.

Firewall – You might need a little bit of help with this one from your IT support company and I’m confident they won’t charge you if you ask this. Firewalls, bit by bit, are opened up to allow certain types of internet traffic (aka ports) into your office network, for example CCTV and remote access. And then, a few years later, those ports you opened up the firewall for, are no longer used, but it’s very common that the firewall is never closed afterwards, therefore leaving you unnecessarily vulnerable. So, have a conversation with your IT support company and ask them to double check that no unnecessary internet traffic is allowed into your network. One port to specifically ask them (your IT support) about is “Remote Desktop” traffic (TCP 3389), this is a very common attack vector for hackers to use and should not be open on the firewall.

The Human Firewall – Another very common attack vector for cyber criminals to exploit is phishing e-mails, your colleagues being tricked into clicking on rogue internet links or transferring funds to hackers. It’s all about education and knowing the tell-tale signs to look out for in an e-mail or a text message. A website you should regularly visit is ncsc.gov.uk – the National Cyber Security Centre – it’s bursting with friendly and down to earth advice for businesses and organisations of all sizes that you can freely and confidently distribute to your colleagues. The following link is an infographic that every member of staff should read and understand – http://bit.ly/3HUgyVb –  (if you’re now wondering, is this link safe to click – Google “ncsc suspicious emails infographic” instead)

If you implement the four areas of cyber security we have discussed above, it will mean you’re firmly on the first rung of the cyber security ladder; and whilst it will require the full support of the directors or trustees, there will be no cheques to write and little or no technical expertise will be required. The end result is that your business or charity organisation will be in a much better cyber security place, and also in a position where any further measures you implement that do carry a direct cost (like the aforementioned sophisticated firewalls), you will get the full benefit of.