Managing your IT contractor

Managing your IT contractor

Introduction Many small businesses outsource some or all of their IT requirements to a third party. You should be satisfied that they are treating your data with at least the same level of security as you would. What can I do? Ask for a security audit of the systems containing your data. This may help […]

Minimising your data

Minimising your data

Introduction The Data Protection Act says that personal data should be accurate, up-to-date and kept for no longer than is necessary. Over time you may have collected large amounts of personal data. Some of this data may be out-of-date and inaccurate or no longer useful. What can I do? Decide if you still need the […]

Writing policies around cyber risks

Writing policies around cyber risks

Introduction A good policy will enable you to make sure you address the risks in a consistent manner. Well written policies should integrate well with business processes. Some organisations do not have adequate levels of protection because they are not correctly using the security they already have, and are not always able to spot when […]

Watching out for problems

Watching out for problems

Introduction Cyber criminals or malware can attack your systems and go unnoticed for a long time. Many people only find out they have been attacked when it is too late even though the warning signs were there. What can I do? Check your security software messages, access control logs and other reporting systems you have […]

Training your staff

Training your staff

Introduction Your employees may have a limited knowledge of cyber security but they could be your last line of defence against an attack. Accidental disclosure or human error is also a leading cause of breaches of personal data. This can be caused by simply sending an email to the incorrect recipient or opening an email […]

Backing up data

Backing up data

Introduction If you were to suffer a disaster such as fire, flood or theft you need to get your organisation back up and running as quickly as possible. Loss of data is also a breach of the Data Protection Act and General Data Protection Regulation. Malware can also disrupt the availability of access to your data. […]

Securing data in the cloud

Securing data in the cloud

Introduction There are a range of online services, many incorporated within today’s smartphones and tablets that require users to transfer data to remote computing facilities – commonly known as the cloud. Processing data in the cloud represents a risk because the personal data for which you are responsible will leave your network and be processed […]

Securing data on move and in office

Securing data on move and in office

Introduction The physical security of equipment is important to consider as devices containing personal data could be stolen in a break-in or lost whilst away from the office. You should ensure that personal data on your systems is protected against these types of threats. You can also prevent or limit the severity of data breaches […]

Aligning with Cyber Essentials

Aligning with Cyber Essentials

Introduction There is no single product that will provide a complete guarantee of security for your business. The recommended approach is to use a set of security controls that complement each other but will require ongoing support in order to maintain an appropriate level of security. The UK Government’s Cyber Essentials Scheme describes the following five […]