Check your level Cyber security awareness now. Use our 10 question cyber security quiz to measure how prepared your company is. Cyber attacks on poorly protected SMEs are more successful and therefore a staple to any hacker wanting to generate an additional source of income.
It is essential for every business who uses I.T. devices to have sufficient cyber security procedures and policies in place.
Many businesses (from all sectors) have been targeted during the pandemic due to the increased use of technology and remote-working policies.
Chose the answer most relevent to your businesses cyber security
1. Do you have cyber security policies and procedures in place?
A.) Yes, we have I.T. policies & procedures in place which are reviewed & updated. All staff are aware and understand the importance of following the measures outlined.
B.) Yes, we have I.T policies & procedures but they are not detailed and have not been reviewed. Staff are aware of them but have the option of reading them at their own discretion.
C.) No, we currently do not have I.T policies & procedures in place as we do not believe we are at a scale that requires them.
2. Do you provide training to staff on cyber security?
A.) Yes, all staff are made aware of our policies and procedures when joining the team.
We also arrange for our employees to complete a short cybersecurity seminar annually, so everyone has a clear understanding of the subject.
B.) No, we do not provide a specific programme, but it is a matter that is discussed either in the office or during staff meetings.
C.) No, our business is small and not heavily I.T. orientated. Also, we believe that our employees have general knowledge of the subject
3. Do you have specific I.T. personnel who manages I.T. & cyber security audits?
A.) Yes, we have a designated I.T. Department which looks after the business. They conduct an annual audit and manage issues that employees may have.
B.) Yes, we have an employee who looks after our I.T. and manages our equipment and software.
However, we are currently not at the scale to employ a full-time I.T. administrator. If we do experience any issues that require specialised attention, we contact an I.T. consultant or service provider to resolve the problem.
C.) No, we do not have a designated person or service to look after our I.T. due to our budget.
4. Do you have an emergency/cyber security Response Plan?
A.) Yes, we have an I.T. Consultant that has conducted a risk assessment and has advised our business on what platforms and security software are needed to protect our data and devices from a malicious attack.
We also have been provided with the tools necessary to create a recovery plan in case of an external breach and contacts for I.T. specialists that can assist if such an incident occurred.
B.) No, we currently do not have a detailed cybersecurity response plan in place. It is difficult to know where to begin in regard to drafting an effective response to a cybersecurity incident.
We have been intending to refer to a consultancy but have done nothing about it yet.
C.) No, we do not believe that the area we work in would be a target for cyber-attacks and that the data we store is not of value to potential hackers.
5. Does your I.T. devices have enterprise standard endpoint protection/antivirus?
A.) Yes, we have Endpoint & Antivirus protection on all our devices as a basic layer of protection. This is strengthened by encryption and remote monitoring.
B.) Yes, we have standard Anti-virus on our devices, but we need to upgrade our security software that offers a higher level of protection.
C.) Yes, we have basic anti-virus but only on the computers based in the office. We do not provide Anti-virus to staff working remotely on their own devices.
6. Do you have measures in place to protect sensitive data. (complex passwords, email encryption & two-factor authentication)
A.) Yes, we use two-factor authentication to access certain accounts and files. An effort is made to not reuse the same passwords to login into devices and files.
Our, I.T. consultant has recommended some useful tools to enable us to protect data while maintaining ease of access.
B.) Yes, we do have passwords to access devices/data. Currently we do not have any software that encrypts email transmissions.
General files that are worked on a regular basis or online accounts have the same standard password for quick access.
C.) Yes, we have passwords on our accounts but tend to use the same passwords to avoid losing them and for staff to enter accounts quickly.
7. Does you have Business Continuity & Disaster Recovery system operating? In other words, an effective backup?
A.) Yes, we have BCDR software scanning our devices for any malicious malware or ransomware while also backing up all our business’s critical data.
All our backed-up files are up-to-date and can be recovered within a short amount of time if an incident did occur relating to a cyber breach or accidental deletion.
It is essential that we are GDPR compliant, and this software enables us to secure our business files and client’s data 24/7. It is tested and monitored by the service that provides the software.
B.) No, we save our files to a popular cloud service and on external hard drives.
However, it is difficult to keep the external drives up-to-date and we are uncertain whether our current measures would be sufficient to stage an effective data recovery if a breach did occur.
C.) No, we do not have any proper back up in place.
8. Does you have a remote-working procedures in place to ensure that any data, emails, and accounts are protected when being accessed off-site?
A.) Yes, we use a file, sync, and share platform that has enabled our staff to work remotely when required and maintain the same level of productivity.
Staff can access their work files from remote locations and collaborate with the team securely.
The service we use detects any suspicious software and monitors the activity on our system so that any threats can be identified and averted.
It has reduced some of the risks associated with remote working.
B.) Yes, we have remote-working procedures in place but are concerned about data loss, unauthorized access to confidential files & accounts and fraudulent emails.
While we do encourage our staff to follow the policies and procedures set out, we do not feel entirely secure with staff using personal devices and trying to access our system off-site.
C.) No, we do not have any official remote working procedures in place we are just waiting for restrictions to lift so staff can return to the office. We are relying on email and Zoom to communicate and transfer files.
9. Do you regularly update and scan your software to ensure that patch management processes are being performed?
A.) Yes, all software is regularly updated and scanned for any issues. It is each employee’s duty to schedule an update on the device that they are working on once receiving a notification.
If the employee receives an alert or notification that they do not understand, they are referred to management for assistance.
B.) Yes, we do run updates but often staff delay them as not to interfere with their work. It is difficult for us to monitor which devices have been scanned and updated due to this.
C.) Only when we do not have a choice as to avoid downtime. Our equipment is old and slower to perform these tasks.
10. Do you understand the threat posed by cybercrime & the implications of a successful I.T. breach?
A.) Yes, we understand that there is always a possibility that the I.T. system could be the target of an attack or a file could be accidentally deleted by human error.
We have contacted a consultant who has recommended a protection package that will provide our business with the level of security we require.
B.) Yes, we understand the threat of cybercrime and would like to upgrade our protection but are concerned about the cost.
We intend to seek advice about how best we can secure our I.T system within budget.
C.) Yes, we understand that cybercrime is an issue but highly doubt that our business would be a target for hackers due to our size and sector.
Quiz Results !
Add up the number of times you selected each letter, read the entry below that is specific to the letter you choose most frequently:
If you scored mostly A’s, fair play, you understand the importance of cyber security and protecting not only your business but staff and clients’ data.
By referring to I.T. service providers or personnel for trustworthy advice and recommendations, you have essentially saved time and money in the long term!
Protecting your business should be considered an essential investment that will reduce downtime and provide you with the support needed if an incident occurred.
Your business clearly understands the implications in terms of the financial and reputational cost if data was lost or the system is compromised.
In a heavily I.T. reliant world, we need to be constantly alert and informed about the various ways in which our devices can be accessed, monitored, and used by both trusted and criminal entities. Keeping staff up to date with training and following an I.T. consultant’s advice will stand by your organisation.
If you scored mostly B’s, you are on the right track towards protecting your business from cybercrime.
However, there are gaps in your level of cyber security protection and maybe some guidance is needed to help you prepare and implement I.T. policies/procedures, and most importantly draft an effective Cybersecurity Response Plan.
Many businesses fall into this category as it does take time on top of an already busy work schedule to complete audits, draft new policies and then try to find software packages that are suited specifically to your business and budget.
While you may have concerns about the cost; if you take the next step to speak to an I.T. Consultant or Managed Service Provider.
The consultant will assess your needs and can recommend specific packages that are user and budget-friendly!
They can also provide online platforms and tools to enable safer remote-working and maintain your existing equipment or source new upgrades. It is better to seek expert advice than to spend your budget on the incompatible or complex software that will be difficult to integrate into to workplace.
Protecting your business does not have to be overly expensive and will save you time and money!
If you scored mostly Cs you need to reassess the threat that poor cyber security poses to your business. One of the major misconceptions about cybercrime is that many SMEs believe that they will not be hit by an attack due to, size, sector, and profit levels.
These criminals seek vulnerabilities which means that if the devices and software that you use to conduct business on are not protected with standard endpoint protection and are not managed properly by staff you are leaving your business at high risk of attack!
Larger firms that have protection and trained staff serve as a challenge, it takes time and sustained effort to reap any rewards.
Attacks on poorly protected SMEs are usually more successful and therefore a staple to any hacker wanting to generate an additional source of income. It is essential for every individual who uses I.T. devices ensure that they have a standard layer of protection, manage passwords and are cautious online.
Many SMEs (from all sectors) have been targeted during the pandemic due to the increased use of technology and remote-working policies.
Extensive research and statistics over the past 2 years have shown a dramatic increase in the number of reported cases of cybercrime which include the detrimental effect that it can have on businesses.
If you think that your business is lacking the standard level of protection needed to combat any possible threat it is time to get support and advice on how to improve your I.T. security!