Whether you have several employees and run a network of devices or are a sole trader with one laptop, you need to protect your IT system from threats such as viruses, cybercrime and data loss
Imagine the impact it would have if your business' identity was stolen, your IP address was used to download illegal material or fire destroyed all your data.
Your firm could suffer financial loss and reputational damage, or even find itself on the wrong side of the law if personal data protected under the GDPR was compromised.
Turning to an IT supplier may not be an option if money is tight, but fortunately much can be done on a budget to keep your systems safe.
IT risk assessment
Start by assessing the particular IT risks facing your business. Then you can devise and implement a strategy for minimising those risks in an IT protection plan. Risks to your business may come from online activity; unauthorised access to your systems or data; or hardware damage, loss or theft.
A firewall should be your first line of protection from dangers such as hackers and fraudsters. Ensure yours is enabled.
However, you also need software to protect against viruses, which can delete and damage files and programs, and spyware, which can monitor your online usage or steal your data. Most free anti-virus and anti-spyware software is for personal use, but commercial software from a reputable supplier need not be expensive. Ensure it provides frequent updates and use it to regularly run full system scans.
IT security basics
Other security basics cost nothing. For example, be cautious about opening email attachments from unknown sources and using web links from emails whose origins are dubious. You should also take care about which sites you download software from and be alert to 'phishing' (where fraudsters try to obtain personal information from you). Never access your confidential information in a public wireless hotspot.
If you are emailing an important document, use open source Zip software to send it securely. This enables you to password protect the document. Ensure you send the password to open the document separately.
Access to your devices, as well as different areas of your system, should also all be password protected. The passwords should not be obvious, and you need to change them frequently. Make sure your staff only have access to the parts of your system that they need to do their jobs.
The Cyber Essentials scheme is free and any organisation can use the guidance to implement essential security controls. You can also have your business independently assessed through the scheme?s assurance framework, giving you a Cyber Essentials certification badge. This helps demonstrate to customers, partners or clients that your company takes cyber security seriously - boosting reputations and providing a competitive selling point.
Staff IT training
Importantly, staff need training in good IT practice. They should, for example, be aware of the dangers of connecting their own mobile devices to your network unless the devices have been scanned for viruses. You should also control what your staff can download and ensure that any files are scanned before being downloaded. A clear set of IT policies outlining what is and isn't allowed can help clarify your expectations and hopefully eliminate any risks caused by employees' use of your IT systems.
IT risks don't only come from those with malicious intent. All businesses are vulnerable to the unexpected, for example fire, flood or hardware failure. You need to make regular backups of all your files and hold one in a secure off-site location.
Finally, update your operating system and software regularly, by downloading the latest patches, or turning on automatic updates. This will help ensure you continue to run at optimum efficiency. And it will cost you nothing.