October is cyber security awareness month. 
 
According to the Cyber Security Breaches survey 2023, 32% of businesses and 24% of charities overall recall breaches or attacks from the last 12 months. This is much higher for medium businesses (59%), large businesses (69%) and high-income charities with £500,000 or more in annual income (56%). 
 
The report shared that the most common cyber threats are relatively unsophisticated, so government guidance advises businesses and charities to protect themselves using a set of “cyber hygiene” measures.  
A majority of businesses and charities have a broad range of these measures in place: updated malware protection, cloud back-ups, passwords, restricted admin rights and network firewalls. 
 
However, across the last three waves of the survey, some areas of cyber hygiene have seen consistent declines among businesses.  
 
This includes: 
 
use of password policies (79% in 2021, vs. 70% in 2023) 
use of network firewalls (78% in 2021 vs. 66% in 2023) 
restricting admin rights (75% in 2021, vs. 67% in 2023) 
policies to apply software security updates within 14 days (43% in 2021, vs. 31% in 2023). 
 
These trends mainly reflect shifts in the micro business population and, to a lesser extent, small and medium businesses – large business results have not changed. 
 
Human resources (HR) and cybersecurity are two distinct but interconnected areas within your business. 
 
Here's how they relate to each other: 
 
Make sure staff are trained and informed. 
 
Ensure that all employees are well-informed about security policies, procedures, and best practices. 
 
This includes holding training sessions and raising employee awareness about the potential risks and consequences of cybersecurity incidents. 
 
Have written policies and procedures in place.  
 
Recruitment and Background Checks. 
 
We can help your business conduct background checks on prospective employees. We can also help you with recruitment.  
 
Access Control and User Management. 
 
Make sure you work with a reputable IT company or appoint someone in your business to manage user accounts, permissions, and access control. 
 
When employees join or leave the company, its important to have a process to granting or revoking access to sensitive data and systems, reducing the risk of insider threats. 
 
Incident Response 
 
In the event of a cybersecurity incident, you must report any such breaches to staff or clients. Appointing someone to coordinate communication with affected employees, addressing any legal or ethical concerns, and ensuring the incident is properly documented. 
 
Security Policies and Compliance. 
 
It's vital to develop security policies and compliance standards. They ensure that employees are aware of these policies and that they are adhered to, reducing your businesses vulnerability to security breaches. 
 
Insider Threat Mitigation 
 
Working with an IT company that specialises in cybersecurity will help you to monitor employee behavior and respond to any signs of malicious intent or negligence. 
 
Data Privacy and GDPR Compliance
 
When handling personal employee data, make sure you are compliant with GDPR. This includes managing and protecting sensitive employee information. 
 
Keep reviewing your procedures. 
 
A cyber security review is essential for all businesses, no matter how small you are, to ensure your business is protected and you are compliant.  
 
Across all UK businesses, there were approximately 2.39 million instances of cyber crime and approximately 49,000 instances of fraud as a result of cyber crime in the last 12 months. Make sure your business is not a victim, get your business audited and make the neccessary changes to ensure you are protected. 
 
 
This content will only be shown when viewing the full post. Click on this text to edit it. 
Share this post:

Leave a comment: