Taking Control of Your Business Cyber Security: A Leader’s Complete Guide
Cyber security is a big worry for many businesses, and it can take up a lot of time. As a business leader, taking control of your cyber security is important. This isn’t about getting super technical; it’s about having a clear plan. We’ll go through the steps you need to take, and there’s a checklist to help you make sure everything’s in place with your IT team or provider.
Start here: the safety net every business needs.
Cyber insurance is one of the simplest and most cost-effective ways to limit the damage from a major cyber attack. Think of it like a fire alarm: it doesn't stop a fire, but it helps you deal with the aftermath. Many businesses never put it in place because they don't see the risk until it's too late, and the result is a devastating, uninsured incident. Cyber insurance protects your business from the worst financial outcomes.
What Actually Happens When You Have an Incident
If you have an incident, the insurer brings in specialist incident-response consultants, increasingly from in-house teams, who deal with ransomware and other attacks every day. They know far more than any in-house generalist ever will about containing an attack, negotiating with the attackers where that is the chosen route, and getting you back up and running as quickly as possible.
This is a very expensive undertaking. Recovering from a cyber incident can cost thousands, tens of thousands or even millions of pounds, sometimes more than your annual turnover. That is why having this insurance is absolutely critical.
Getting the Right Insurance Cover
When applying, insurers will set conditions, but you can often still get cover even if you don't meet every one of them. Just never misrepresent your position: claiming a control is in place when it is not (MFA on every account, for example) is exactly what invalidates a claim.
There are a couple of insurers whose policies aren't worth the paper they're printed on, because the conditions they impose are so heavy that no business can realistically meet them, so the policy will never pay out. For that reason I recommend going through a broker.
This requires no technical skill, and your IT team can help with the questions asked during the application. There are not normally many of them, but make sure you understand each answer you give and can stand behind it, because the insurer will rely on those answers if you ever claim.
Key Takeaway: Cyber insurance is an inexpensive way to protect your business from the financial fallout of a severe cyber attack.
Build a human firewall that stops threats early.
One of the most effective things you can do for cyber security is to train your staff. This includes training them to recognise threats like phishing and to use strong, memorable passwords.
Getting Passwords Right
Instead of complex passwords that are hard to remember, aim for long ones (15 characters or more) that people can actually recall, or better yet, use a password manager like Keeper or OnePass. The goal is to get people to generate unique, long passwords for everything.
Why Unique Passwords Matter
If you use the same password for your shopping, social media and work accounts, and that password leaks (leaked credential dumps are easy to obtain on the dark web), every one of those systems is compromised at once. It's a nightmare to recover from. So unique passwords everywhere, backed by multi-factor authentication, is key.
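The two password points above (length beats complexity, and every account gets its own password) can be shown in a few lines. The following is an added example, not code from the original page or from any password manager named in it. It draws passphrase words with the operating system's cryptographic random source, measures how much entropy a passphrase or generated password carries, enforces a length-only policy of 15 characters, and flags any password that appears on more than one account. The wordlist is a small constructed sample for illustration; a real generator should use a published list of several thousand words.

```python
import math
import secrets
import string

# Constructed sample wordlist for illustration only. A real passphrase
# generator should draw from a large published list (thousands of words);
# with only 32 words, a 4-word phrase carries just 20 bits of entropy.
SAMPLE_WORDLIST = [
    "anchor", "basket", "copper", "dolphin", "ember", "falcon", "garden",
    "harbor", "island", "jigsaw", "kettle", "lantern", "marble", "nectar",
    "orchid", "pebble", "quartz", "ribbon", "saddle", "timber", "umbrella",
    "velvet", "walnut", "yonder", "zephyr", "beacon", "cactus", "meadow",
    "pillow", "rocket", "summit", "tulip",
]

MIN_LENGTH = 15  # the page's recommendation: long and memorable, not complex


def generate_passphrase(word_count=4, wordlist=SAMPLE_WORDLIST, sep="-"):
    """Join randomly chosen words. secrets.choice uses the OS CSPRNG;
    random.choice would be predictable and must not be used here."""
    return sep.join(secrets.choice(wordlist) for _ in range(word_count))


def generate_random_password(length=20,
                             alphabet=string.ascii_letters + string.digits):
    """What a password manager produces: a unique, unmemorable string
    the user never has to type from memory."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(choices, picks):
    """Entropy of `picks` independent uniform picks from `choices` options.
    A 5-word phrase from a 7776-word list is about 64.6 bits; a 20-character
    password from 62 symbols is about 119 bits."""
    return picks * math.log2(choices)


def meets_length_policy(password, minimum=MIN_LENGTH):
    """Length-only policy: no forced symbols or digits, just enough
    characters that guessing is impractical."""
    return len(password) >= minimum


def reused_passwords(accounts):
    """Given (account, password) pairs, return the set of passwords used on
    more than one account, i.e. the ones a single leak would cascade from."""
    seen = {}
    for account, password in accounts:
        seen.setdefault(password, []).append(account)
    return {pw for pw, users in seen.items() if len(users) > 1}


if __name__ == "__main__":
    phrase = generate_passphrase(4)
    print("passphrase:", phrase, "ok" if meets_length_policy(phrase) else "too short")
    print("manager-style password:", generate_random_password())
    print("entropy, 5 words from 7776: %.1f bits" % entropy_bits(7776, 5))
    # Constructed example of the reuse problem described above.
    vault = [("shopping", "hunter2"), ("social", "hunter2"), ("work", "Lantern-Quartz-Beacon-Tulip")]
    print("reused:", reused_passwords(vault))
```

The reuse check is the one to run against a password-manager export when you first roll a manager out: anything it reports is a password that needs changing on every account it appears on, not just the work one.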
Building the Human Firewall
The main point of training is to help users recognise threats. It’s not about calling people stupid if they click on something suspicious; it’s about training them to think before they click. This creates a ‘human firewall’.
Regular training, ideally monthly, with simulated phishing emails, is much better than annual training.
Multi-Factor Authentication on Everything
Train your staff to set up multi-factor authentication (MFA) on everything, personal accounts included: Tesco shopping, Facebook, LinkedIn and work alike. A reused password that leaks (and leaked credentials are not hard to obtain on the dark web) hands an attacker every account it was used on; MFA is the control that stops a stolen password on its own from being enough to get in.
Key Takeaway: Train staff to recognise threats and use strong, unique passwords, ideally with a password manager.
Go beyond antivirus with smarter protection.
Antivirus and firewalls no longer cut it. You need next-generation security tools like EDR, XDR or MDR…
Dealing with Potential Issues
These tools can occasionally cause problems, as in the July 2024 CrowdStrike incident, where a faulty sensor content update blue-screened Windows machines worldwide, but this shouldn't stop you from using them. That has always been the case with antivirus: it can break things. Ask your IT team or provider how agent updates are staged rather than pushed to every machine at once, and how they would recover an endpoint that no longer boots.
In return they give you a really good level of protection: they detect and block the most common malware, and they record what happened on the endpoint so an incident can actually be investigated rather than guessed at.
Key Takeaway: Invest in next-generation security software like EDR, XDR, or MDR.
Let staff work β without opening the door to risk.
Privileged Access Management (PAM) balances control with usability…
Blocking Suspicious Software
A common example is fake "driver update" websites that push malicious installers. Once users no longer run as local administrators, PAM lets IT block those installs while still approving, quickly, the software people actually need.
Key Takeaway: PAM helps manage software installations without slowing people down.
Good advice beats flashy software every time.
You don't need a full-time hire, but you do need expert guidance…
Why Software Alone Isn't Enough
This is not a software product; it is expert time spent reducing the risk of an incident that could be devastating. You still need your MDR/XDR and next-generation antivirus, your systems, and your cyber insurance, but guidance is how you make sure the changes actually get made in your business, rather than just buying software, which on its own will not work.
Shiny software is not cyber security. You need somebody who knows what they're doing to make the changes that make your business more secure, with as little impact on day-to-day operations as possible.
Key Takeaway: Engage a specialist to guide improvements and avoid false confidence.
Protecting your business should be a line item, not an afterthought.
Cyber security is no longer optional. It needs proper budget, strategy and board-level attention…
What You Should Be Spending
You should be spending as much on cyber security as you do on IT services (not hardware). A realistic budget is around £40 per user per month. If you're spending significantly less, you're leaving your business open to major incidents.
Key Takeaway: Treat cyber security as its own budget line, not just an IT add-on.