How to handle cyber security when you don’t have time

Cyber security is one of the thousand things on your plate. You might have had a breach or an attack before, and you’re working out how to stop that from happening again. Perhaps you’ve not had a security issue yet, but you’re feeling vulnerable to cyber crime and you want to make the business safe. 

You could realistically face close to 300 cyber attacks a year, including ransomware, malware, email security breaches, and many more according to Accenture’s State of Cybersecurity Report 2021. You don’t need to live in fear, but you should be ready. 

You’ve already got a to-do list as long as your arm, and just because security is vital doesn’t mean it’s something you want to spend time on. The trouble is, when the business isn’t big enough for a chief security officer or a dedicated team, data protection and cyber security are going to fall to the founder or MD. 

At the same time, you’re the most time-poor member of the team. It’s never ideal when one of the most important tasks lands on the person who has the least capacity to handle it, so here are some tips and ideas that could relieve some of the pressure, and protect you from IT crime. 

Consider cloud computing 

A cloud-based computing system delivers IT services through your internet connection, and third party hosts and delivers your programmes for you. It doesn’t mean that security is completely off your plate, but it usually means it’s easier and safer. 

That third-party cloud provider very likely has better security measures and expertise than your business does. It’s also in their interest to keep you safe and keep your systems running — you’ll typically have a service level agreement with them, plus from their point of view, happy customers mean renewed contracts. 

Using the cloud also means you can minimise disruption if something does go wrong. It’s easy to arrange a backup for your programmes, so if something goes wrong your teams can stay productive while you’re resolving the breach. 

Think about prevention and cure for data protection 

Obviously the preference is to prevent data breaches. Even if there’s no costly business disruption from a breach you could get a fine if sensitive data gets leaked. If you don’t have ‘appropriate technical and organisational measures’ then you could face penalties in the thousands (or even tens of thousands) of pounds. 

Good security and common sense will keep out most threats, but no system is perfect or impenetrable. If you’ve taken reasonable measures, then the ICO should be lenient. 

While you might not face legal problems, there could be practical ones. Whether it’s due to an attack, or simply an electrical fault, losing customer, prospect, or accounting data is disastrous. If you set up a data backup and disaster recovery system, then you won’t need to rush around trying to save your data if it looks like it might be lost. 

Email security perfectly illustrates the power of preventative measures. According to Mimecast, 75% of businesses have seen an increase in email-based threats, and 59% report that cyberattacks are growing more sophisticated. 

An email security system can block ransomware and prevent attackers from impersonating members of staff. Should anything get through, the next line of defence is education. Well-informed team members can spot phishing attacks and suspicious attachments and can deal with them accordingly. 

If the threat gets past your email security system, and it manages to catch out a member of staff, there’s one final layer of protection. Endpoint security prevents harmful files from reaching the device or the network.  

Outsource your cyber security 

One very effective option is just to take security off your plate entirely. If you’re an SME you probably can’t justify an in-house security team or a chief security officer, but you can afford an external IT partner.  

You want to spend your time growing the business, not putting out fires. An external team whose full-time job is IT will have the experience, knowledge, and capacity to act as your security team, and give you back all of the time you’d otherwise spend. 

Arc has been doing that for over 30 years now. We partner with Mimecast to protect against the latest email security threats, and use Sophos to expose the risks to your business, contain them, and isolate your systems, should they get infected.  

We can also make a full assessment of your current security, so if you’d like to see how secure your business is, or find out where your weaknesses are, get a free, no-obligation cyber security review here. 

If you’d like to speak to an expert about IT security in London, Essex, or the South East, call 01268 288100 or email [email protected]