Should your business have a cyber security plan?

Should your business have a cyber security plan?


The implementation of technology has become a fundamental part of business. As research develops and technology filters down, becoming more accessible to smaller businesses, it has become more and more important in the day to day running of all companies. With the increase in efficiency and accuracy that new technology brings, there is one commodity which has become one of the most valuable in today’s modern world. Data.

The usage and storage of data is now an important part of the daily running of a business, whether it is data about the business itself or data regarding their customers. It is therefore essential that your business plan accommodates for the possibility of this data being compromised. A cyber security policy should, for this reason, be a key concern in your business plan. Here we will look at how your cyber security plan should be approached.

Establishing a threat assessment

Many of those in business will run very quickly in the opposite direction at the mere mention of cyber security. Primarily down to the misconception that you require a master’s degree in computer science in order to understand how best protect your online assets. This is, however, untrue. The best place to start prior to establishing the steps your company should take to secure your technology, is simply to layout what specific assets you own.

A threat assessment could take many forms, but is essentially an audit into what your digital assets are, from physical computers to a list of the software they contain. Being able to visualise what technology needs protecting will help no end when you begin to lay out how you will protect them. In addition to a simple list, your threat assessment should also associate what risks each elements face. With this assessment in place, it will be a lot easier to then form the foundations of your cyber security plan.

Does your cyber security policy have an action plan?

In most cases there are three major elements to any cyber security plan. The primary element is the software – the technology itself. The most important thing to consider at this point is that old software is most vulnerable to an attack. Therefore, part of your plan should lay out a systematic approach to updating your software, especially your antivirus.

The second most important element relates to the processes in which technology is used. This revolves around how data is stored. Your plan should consider laying out how your business backs up data – for example, is data backed up on a secure sever which is separate from your business’s network? And how you keep your old data secure – are your digital assets disposed of correctly? The plan should establish procedures on how to safeguard information and what steps will be taken in the unfortunate event of a breach.

Are your employees trained in cyber security?

The third element concerns the people who interact with technology. Although this relates to the individuals who are giving their information, it is just as important to consider how employees themselves handle it. Consider how your employees access such data? Do they use your secure business network, or can they access it when they take work home? How easy is it for employees to share sensitive information? Most importantly, are your employees adequately trained? Are they aware of the threats which they may encounter and how to prevent an attack?

Putting these elements together will aid in the creation of a basic but effective cyber security policy in your business plan. From being aware of what digital assets may be at risk, to laying out ways to prevent an attack, and ensuring all employees are significantly trained.  

If you would like help with putting together your business plan, get in touch today! Contact us online using the form on the right or call 01604 420 420.

Share this blog