What should I be doing to secure my business?
One of the first things about Security is realizing that security is much more than stopping people “hacking in”.
It is fundamental to any business to have a business continuity plan (BCP). If you plan for a power outage what happens? Your IT systems will be down.
Can I use the same plan if an outage occurs to my IT systems and it’s not a power problem?
Security is the foundation of resilience.
The hardest part about security is getting started. Often, it’s on the “to do list” until it’s too late.
Hopefully you have already talked to your IT partner and had the security business continuity conversation.
If not “What should I do first” is a common question? Rather than recommend one single thing, the answer should be – “Have a plan”
So, what does your plan need to cover?
Firstly, look at any existing business continuity plan. Is it up to date has it been tested?
Look at not just the worst case but also the best case and know that when an incident occurs it will lie somewhere in
Most importantly have a plan, know what to do and who to call.
Understand your risks and apportion the appropriate resources to minimize those risks.
Make the plan proactive. Be a fence at the top of the cliff and don’t rely on an ambulance at the bottom.
Prevent rather than recover.
Inventory is a crucial starting point of any plan. What equipment do you have? what software do you have? What data do you have?
Then look at where are the biggest risks. Is there a single point of failure?
Look at your plan as being a holistic business continuity plan, that is a living document. Continually revisit, update, fire drill, and improve.
Many of the incidents we see disrupt business are due to poor Cyber hygiene not some advanced nation state hack.
Do the following to enhance your security:
Keep the software for your devices and applications up to date.
Access? How do I verify my user is in fact who I think they are? Is MFA (Multi factor authentication) on!!!
What information do I have? Where is it stored? Who has access?
What are my essential services?
What are the financial implications of these risks?
What are my obligations to customers, employees, and shareholders?
If I was breached, how would I know and when?
Am I running Microsoft 365 Business Premium?
Can my staff trust that the Cyber workplace is as safe and secure as possible? If it is, you will see productivity and creativity flourish, staff retention rises as well as the ability to recruit new staff.
“She’ll be right” – Is not a plan! “No surprises” is a plan.
For further advice, contact your local IT Alliance member to discuss creating a plan for your business.
By Paul Caldwell – Microsoft Security BDM