6 urgent cybersecurity measures to shield your business from threats

Phishing awareness

Ensure employees can identify phishing attempts through regular training and simulated phishing campaigns.

Strong password management

Enhance security measures within an organisation through effective password management. This involves equipping employees with tools and resources to generate complex, unique passwords that are stored securely.

Zero-trust mindset

Encourage scepticism around unexpected emails, attachments, and data requests. Employees should verify unusual requests independently.

Two-Factor Authentication (2FA)

Mandate 2FA to ensure an extra layer of protection for sensitive accounts. This can be done through something the user knows, like a password or PIN, and something they have, such as a physical token or smartphone.

Encryption everywhere

Encrypt your data both at rest and in transit. Employ protocols like TLS 1.2/1.3 only to prevent data interception, and reduce cipher suites to only those that are strong.

System monitoring

Use tools like PRTG or Nagios to monitor system health, identify vulnerabilities, and flag unusual behaviour in real-time.

Segregation of environments

Separate development, testing, and production environments to limit the impact of any potential breach, and ensure there is no access from one to another.

Regular updates

Keep all software, especially operating systems and critical applications, updated with the latest security patches.

Cyber Essentials certification

For smaller or medium-sized businesses, Cyber Essentials offers a cost-effective way to ensure basic measures are in place.

Audits and regular reviews

Conduct annual audits to ensure all processes, from data categorisation to staff training, meet regulatory standards.

Data backups

Perform regular backups across multiple locations and perform test restores often to verify their viability. Take cyclic backups with varied frequencies (e.g. daily, weekly, monthly) as well as iterative backups (e.g. full and differential).

Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO)

Define clear targets for how quickly systems need to recover and how much data you can risk losing.

Disaster Recovery (DR) testing

Simulate various scenarios, from cyberattacks to natural disasters, to test the strength of your recovery protocols. Where possible, perform system shutdowns and bring DR systems online to prove they work, and your process is robust.

Leadership response drills

Get your senior team to rehearse responses to crises, allowing them to assess and refine their preparedness.

Dark web scanning

Tools like SpyCloud monitor for leaked credentials that could compromise your systems.

Vulnerability scanning

Regular scanning with platforms like Qualys or Nexpose helps identify system weak points.

Antivirus and endpoint protection

Solutions like Bitdefender or CrowdStrike protect against malware and ransomware.

Web security tests

Use free tools like SSL Labs to evaluate the security of your website.

Check industry news

Stay current with updates from organisations like CISA (United States) or the NCSC (UK).

Analyse incidents

Study breaches (both your own and industry examples) to identify weak points and prevent recurrent issues.

Collaborate with trusted partners

Build relationships with vendors or consultants who specialise in cybersecurity.

Supply chains

Check your supply chains. Are they secure and robust themselves? Disaster recovery fails if your suppliers have failed. They could even be your weak link.