Break up with weak security!

Fall back in Love with your IT

With our 10 Point check list

 

IT needs some love and care. It's not something you can pop in your office and just leave for years. It runs your entire business, after all!

 

Creating a 10-point check plan for small business IT and cybersecurity ensures that your business stays protected from potential threats. Here’s a concise, actionable guide:

 

1. Implement Strong Password Policies

  • Require strong, unique passwords for all systems and applications.
  • Encourage the use of multi-factor authentication (MFA) wherever possible.
  • Consider the use of a password manager for employees.

2. Backup Your Data Regularly

  • Implement an automated data backup strategy (cloud or off-site storage).
  • Ensure backups are encrypted and periodically tested to verify recoverability.
  • Store backups separately from your primary network to protect against ransomware attacks.

3. Keep Software and Systems Up-to-Date

4. Use Firewalls and Anti-virus Solutions

  • Install and configure a business-class firewall to monitor and protect internal networks.
  • Employ comprehensive anti-virus and anti-malware software on all devices.
  • Ensure both firewall and anti-virus solutions are regularly updated to stay current with emerging threats.

5. Block access from outside your office or overseas

  • Almost all breaches we see are from non-UK locations - consider using Microsoft Business Premium, which has many security features bundled in.
  • One of them is Conditional Access Policies. These can be set at different levels, for example blocking all sign-ins to M365 from outwith your office. This is the highest level, which means staff cannot access any company emails or data when they leave.
  • This may be too strong a setting, so access can be blocked for groups, at certain times, and also for anyone not in the UK. This adds a layer of protection to your Email and SharePoint data.

6. Train Employees on Cybersecurity Best Practices

  • Provide regular training on recognising phishing emails, suspicious links, and social engineering attacks.
  • Encourage a culture of security awareness, with an emphasis on safe internet usage and mobile device management.

7. Control Access to Sensitive Information

  • Apply the principle of least privilege (POLP) for accessing critical systems and sensitive data.
  • The use of SharePoint or Shares on a File Server, set up with the correct groups, can help segment data.
  • Revoke access immediately when employees leave or change roles.

8. Consider real time monitoring

  • If a member of staff falls for a scam email and enters their credentials, it is unlikely you will know a hacker has got into your system.
  • The exception is if you have 24x7 monitoring in place, which would flag immediately if someone had logged in to a Microsoft 365 account.
  • A typical thing hackers do is create forwarding rules so they can 'hide' their communication, which may be with your clients or suppliers. Other behaviours of hackers are deleting or downloading files from SharePoint.
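
The checks a monitoring service would run for the behaviours in point 8, shown over a small log sample. This is an added example, not code from this page or from Microsoft: the records are constructed and simplified, and the record keys (`time`, `user`, `op`, `country`, `params`), the thresholds and the `example.co.uk` domain are assumptions to adapt to your own audit log export.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ALLOWED_COUNTRIES = {"GB"}          # assumption: staff only sign in from the UK
COMPANY_DOMAIN = "example.co.uk"    # placeholder domain
FORWARD_PARAMS = {"ForwardTo", "RedirectTo", "ForwardAsAttachmentTo"}
BULK_OPS = {"FileDownloaded", "FileDeleted"}
BULK_THRESHOLD, BULK_WINDOW = 3, timedelta(minutes=5)   # tune for your business

# Constructed sample records (not real tenant data). Operation names follow the
# Microsoft 365 audit log; the record layout itself is simplified.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T09:02:00", "user": "amy@example.co.uk", "op": "UserLoggedIn", "country": "GB"},
    {"time": "2024-05-01T23:41:00", "user": "bob@example.co.uk", "op": "UserLoggedIn", "country": "ZZ"},
    {"time": "2024-05-01T23:44:00", "user": "bob@example.co.uk", "op": "New-InboxRule",
     "params": {"ForwardTo": "archive@mail.example.net", "DeleteMessage": "True"}},
    {"time": "2024-05-01T23:50:00", "user": "bob@example.co.uk", "op": "FileDownloaded"},
    {"time": "2024-05-01T23:51:00", "user": "bob@example.co.uk", "op": "FileDownloaded"},
    {"time": "2024-05-01T23:52:00", "user": "bob@example.co.uk", "op": "FileDeleted"},
    {"time": "2024-05-02T10:00:00", "user": "amy@example.co.uk", "op": "FileDownloaded"},
]

def find_alerts(events):
    """Return (user, reason) pairs for the three behaviours described in point 8."""
    alerts, recent = [], defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        when, user, op = datetime.fromisoformat(e["time"]), e["user"], e["op"]
        # 1. Sign-in from a country that is not on the allow list.
        if op == "UserLoggedIn" and e.get("country") not in ALLOWED_COUNTRIES:
            alerts.append((user, "sign-in outside allowed countries"))
        # 2. Inbox rule that forwards or redirects mail to an outside address.
        if op in {"New-InboxRule", "Set-InboxRule"}:
            targets = [v for k, v in e.get("params", {}).items() if k in FORWARD_PARAMS]
            if any(not t.lower().endswith("@" + COMPANY_DOMAIN) for t in targets):
                alerts.append((user, "inbox rule forwards mail externally"))
        # 3. Burst of SharePoint downloads/deletes by one user in a short window.
        if op in BULK_OPS:
            recent[user] = [t for t in recent[user] if when - t <= BULK_WINDOW] + [when]
            if len(recent[user]) == BULK_THRESHOLD:   # alert when the burst reaches the threshold
                alerts.append((user, "burst of SharePoint downloads/deletes"))
    return alerts

if __name__ == "__main__":
    for user, reason in find_alerts(SAMPLE_EVENTS):
        print(f"ALERT {user}: {reason}")
```
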

9. Consider what would happen if a Mobile or Laptop was lost/stolen

  • Many staff have access to Email on both personal and company phones. Microsoft Business Premium allows remote wipe for all mobile devices, i.e. phones, tablets and laptops, if they are lost or stolen.
  • It is also important to consider encryption on the Hard Drives of Laptops using BitLocker, and to store the keys safely.
  • Ensure all employees know who to contact in case of a cyber event and how to report incidents.

10. Final thoughts for a Gold Star approach

  • Dark web monitoring - run daily to check for leaked passwords that your staff have used on various external websites/portals. Would you like a free report for your company? Get in touch.
  • Penetration & Vulnerability scanning - run quarterly or bi-annually. Test how secure your company is with full reporting. Your insurance company will love this one. Probably lower premiums. We can help with Vonahi Crest Approved software.
  • Cherry on Top - Cyber Essentials Certification! Really proves to the world how secure your company is. Excellent for peace of mind, going for Tenders and with FREE £100k Cyber Insurance included when you pass. We do all the heavy lifting to get you compliant, and we work with the Auditors to get you a PASS.

 

 

By following this 10-point cybersecurity and IT plan, small businesses can significantly reduce their risk of cyberattacks and data loss, while promoting a secure and efficient digital environment.

 

 

 
