When you’re a new business owner you’ve got a lot to think about and it can be tricky to know which aspects of your business you need to prioritize. At first, you’ll want to get your products or services just right and set about getting a strong financial plan in place. After this, you might begin to think about your office/workspace and how you’re going to market your company and start building a customer base.
But one of the most important things to prioritize early on is getting a strong cybersecurity strategy in place as soon as possible, especially if you rely heavily on technology to keep your business running. This is because cyber crime is on the rise and if hackers are able to get into your systems, they can wreak havoc on your business. Not to mention that the new General Data Protection Regulation (GDPR), which came into effect in 2018, could leave you facing a heavy fine if your systems aren’t properly protected.
As a new business owner, you have so much on your plate already that it can be difficult to know if you’ve covered all the necessary bases. By using the checklist below you can reveal whether you’ve put together a strong enough cybersecurity strategy for your business or if there is still room for improvement.
Cybersecurity and Its Importance
But before we begin looking at what you need to do, let’s first look at what cybersecurity actually is and why it’s so important. In a nutshell, it’s the application of technologies, software and systems by your business in order to protect your devices, networks, files and data from a cyber-attack. The idea of a strong security system is to protect your sensitive information and the personal data of your customers or clients from being accessed, tampered with or stolen by unauthorized parties such as hackers.
Good cybersecurity is important for a number of reasons, not least because the General Data Protection Regulation (GDPR) put in place back in 2018 means your business needs to adhere to certain guidelines, otherwise you could be faced with a huge fine. The regulation is designed to protect the rights and information of all EU citizens. As a business owner, you are responsible for protecting the sensitive information entrusted to you by your customers or clients.
Not only this, but with criminals continually finding new ways to hack into systems and new techniques for scamming information out of unsuspecting individuals, people are becoming increasingly aware of the importance of cybersecurity and best practices online. As such, many are beginning to ask the businesses and services they use how they’re protecting their data. Having a strong security system in place can really help to boost your reputation as a business, showing that you care about your customers’ online safety.
So now we’ve briefly touched on why cybersecurity is so important, let’s take a look at the checklist below.
1. Have You Got a Firewall and Anti-Malware Software?
Let’s start with the basics. Firstly, you need to make sure that you’re using the right systems. Firewalls and anti-malware programs should be installed on all computers and devices. These act as a barrier between your data and cyber criminals. What’s more, they monitor network traffic and prevent unauthorized access either to or from a private network. Hackers sometimes use viruses to access or destroy your systems. As such, you should also install anti-virus software to protect your devices and data.
2. Are Your Systems Up To Date?
It’s all well and good getting these systems in place when you first start up your business, but it’s important that you’re not using outdated systems. You can set up your software to automatically update when a new version is available, or you could hire a professional or third party to keep an eye on all your systems for you.
3. Do You Use Strong Passwords?
Any work devices or systems that contain sensitive data need to be password protected. This means you need to create strong passwords of at least eight characters, using a mixture of lower- and upper-case letters, numbers and symbols if allowed. This makes it harder for cyber criminals to get into your systems. It is also a good idea to update your passwords regularly and not use the same one across multiple devices or platforms.
4. Do You Govern All Your Devices?
Depending on the size and nature of your new business you may have an office suite full of computers or you and your team may use laptops, tablets and smartphones to conduct your work. Either way, you need to ensure you effectively govern any work-related devices. This means avoiding crossover between personal and professional devices, making sure they are password protected and avoiding logging on to any public or insecure networks. This is because all of the above can increase security risks. By setting rules for work devices, you can keep the sensitive data stored within them safe.
5. Is Your Team on the Same Page?
This is a big one. You might be clued up on cybersecurity and doing your best to protect your new business, but if your staff isn’t on the same page, this could cause issues in the future. Human error makes it easier for hackers to get into your systems, so by teaching the staff about cybersecurity best practices, you reduce the risk of something going wrong. What’s more, your employees need to be able to spot the signs of a breach, know who to report it to and understand the system you have in place to address the problem as quickly as possible. So, no matter how big or small your team or what their role, cybersecurity training is a good idea for everyone you employ.
6. Do You Practice Good Email Hygiene?
This sounds a bit strange, but basically it just means making sure you and your team always stay safe and follow best practice when using email. This means ensuring you never click on suspicious links or download any files that could be harmful. If you’re unsure whether the sender is legitimate, it’s best not to risk clicking on the link anyway. If you receive a sales email or marketing communications but they look less than convincing, it might be better to get in touch with the business directly if you’re genuinely interested in what they have to offer. That way they can tell you if the email you received was genuine or not.
7. Do You Back Up Your Data?
You need to make sure that you regularly back up your data both on your devices and on any cloud-based systems that you use. This means that if you ever fall victim to a breach, hacking or virus, you know that your data is safe. When backing up your data (not on cloud-based systems) it’s a good idea to keep this in a safe, separate place to the originals. If you choose to keep this on hard drives, these also need to be password protected. Backing up your data regularly means it will be as up to date as possible should something go wrong and you need to wipe your systems and start again.
8. Do You Encrypt Everything?
Along with backing up everything, it’s also a good idea to encrypt everything – and we mean everything. This is because it’s best not to take anything for granted. By encrypting your devices, files, hard drives and clouds, you only allow those with authorization to access the information contained within.
Not only does this make it harder for cyber criminals to get access, but it’s great news if a device ever gets lost because no one else can access the information it holds. Examples of the things you should be encrypting include:
- Cloud-based files
- Memory cards
- USB flash drives
- Documents (Word, Excel, PowerPoint, PDF)
- Messaging apps like WhatsApp
- Hard drives
9. Do You Encourage Automatic Lock Screens?
It might seem a simple thing, but setting your devices to automatically lock when they’re not being used, as well as teaching staff to lock their screens when they’re away from their desks, is really important. Prying eyes could walk by at any time and see information they don’t have access to. This is particularly important if you use co-working spaces or work in public places, as others outside the company could get a glimpse at sensitive information on your screens.
10. Are Your Networks Secured?
Having a secure network is a big factor in preventing cyber crime. Using unsecured networks (and public Wi-Fi) can leave your business open to attack. Hackers can get in through these unsecured networks and steal or tamper with your data. This can have a seriously damaging impact on your business. Customers won’t feel safe sharing their data with a business that’s been hacked, and these cyber criminals could also access and share sensitive data about the business itself. So, having a secure network in place is vital.
11. Are You Managing Third-Party Risks?
Something you might not think about and something that is often neglected by new business owners is the use of third-party vendors or services. Other businesses can offer hackers a doorway into your business. A prime example of this was the huge Marriott Hotel chain which bought out Starwood Hotels and merged the two companies. Little did they know the Starwood systems had been hacked years earlier and the criminals were then able to access the personal data of over 500 million guests through the merger. This has left them facing huge backlash and an eye-watering fine.
While this is a very extreme case, it shows the importance of checking all third parties that you work with. This is also an important part of remaining GDPR compliant. If you are concerned, especially as a new business owner and potentially as a new user of their services, you should always ask new providers about their cybersecurity systems. They should be able to reassure you that they too are doing all they can to keep your information safe. If they don’t seem to have much of a system in place, it might be time to look elsewhere for a new supplier or provider.
12. Have You Got a System in Place for Security Breaches?
Finally, you can do everything right, but sadly it is impossible to completely stop cyber crime. So, if your systems are hacked or you spot suspicious behavior that could point towards a potential security breach, you need to know what to do. It’s therefore important to get a strong system in place for you and your team, so everyone knows what to do in the event of a breach and who they need to report it to. You may have dedicated staff for dealing with these issues or you may use a provider, but whatever you choose to do you need a plan in place should a security breach occur.
How are Your Cybersecurity Systems Working?
As you can see, cybersecurity is important, especially for a new business owner. While it might feel like a lot of work, getting a strong system in place early on will stand you in good stead for the future. Getting clued up, being able to spot the signs of a scam and making smart decisions is the best way to keep your business safe and GDPR compliant. To ensure you’re doing all you can, let’s recap one last time on what we’ve discussed above. Here is our full, no-nonsense cybersecurity checklist:
- Have you got a firewall and anti-malware software?
- Are your systems up to date?
- Do you use strong passwords?
- Do you govern all your devices?
- Is your team on the same page?
- Do you practice good email hygiene?
- Do you back up your data?
- Do you encrypt everything?
- Do you encourage automatic lock screens?
- Are your networks secured?
- Are you managing third-party risks?
- Have you got a system in place for security breaches?
So there you have it, a cybersecurity checklist for your new business. If you answered yes to all of the above then you’re doing a great job!