Your IT & Security FAQs Answered…

From understanding what exactly a VPN is and how to react in a Cyber Security emergency, to the importance of IT roadmaps and understanding your GDPR obligations, we’ve answered some of your most frequently asked IT and Security questions.

How worried should I be about Cyber Security?
Cyber Threats should be at the top of your agenda and factored into any IT strategy. Hiscox report that a small business is successfully hacked every 19 seconds in the UK. To protect your organisation’s information, we recommend implementing a multi-layered cyber security strategy. Falling victim to an attack could have a significant impact on business downtime, reputation and revenue.

What is a VPN?
VPN = Virtual Private Network. A VPN allows your teams to access their office data from wherever they’re working. We recommend this way of working – as long as your VPN is configured correctly, your data will be secure.

Why do I need to upgrade/update my systems?
It’s essential to keep up to date with the latest software updates. These updates are known as patches and they protect you from potential vulnerabilities in software that hackers exploit. Upgrading your systems will often mean enhanced security, but the biggest and most expensive systems aren’t necessarily the best option for your organisation, so it’s important that your IT partner properly understands your business and its needs. When products become end of life and updates are no longer being issued, it’s crucial that you make the switch to an upgraded system.

What’s the most common cyber threat?
Phishing emails tend to be the most common, mainly because they work. People frequently fall for phishing attempts as they can often be almost indistinguishable from legitimate email. The key to keeping your organisation secure is implementing robust cyber security solutions and focusing on end-user education.

Why is end-user education and internal training so important?
People within an organisation are generally the weakest link when it comes to cyber security. Research by Datto found that a lack of cyber security training was one of the most common causes of a ransomware breach. Training your team on what to look out for can help bridge the cyber security gap in your organisation.

I’m concerned about my IT team’s capacity…
If you’re concerned that your IT team is short on capacity due to your organisation expanding or difficulties recruiting, you can look to outsource some or all of your IT to a Managed Support Provider (MSP).

What GDPR obligations does my organisation have regarding Cyber Security?
The GDPR legally requires organisations to have robust measures in place to prevent personal data from being leaked, stolen, disclosed or inappropriately accessed. When this does occur, you’d be in breach of the GDPR and can suffer significant reputational and financial damages. All businesses have a responsibility to protect both internal employee data and external client or prospect data. That’s why we suggest implementing a robust cyber security plan.

How should we respond in a cyber security emergency?
Do you have a disaster recovery plan? This is a document that you can refer to should the worst-case scenario occur. It gives you clear steps to follow in an emergency, helping to limit downtime and get your organisation back up and running.

What’s the best way to protect my accounts?
The first step is always to create strong passwords – 15+ characters with a complex combination of letters, numbers and symbols. Avoid using things personal to you, such as the names of family members or pets. The next step is to enable 2FA (two-factor authentication) on all of your accounts. This adds an extra layer of security on top of your passwords: usually you’ll receive an email or text message with a code before you can log in. So, even if your password did get stolen, the hacker would struggle to get past the 2FA.

How do we know where our data is and if it’s safe?
Keeping track of company data can be difficult if you don’t have the appropriate controls in place. In the event of a breach, it can be almost impossible to know what data was stored where and therefore what data has been compromised. To help mitigate this threat, pick a couple of locations to store your data (such as SharePoint and OneDrive) and make a formal record of what exactly is stored in those locations.
• Have an Information Asset Register which details where your data is stored and what security is applied to it.
• A legal requirement under GDPR is to have a Record of Data Processing. This details what data you have in each location and all of the other legal requirements of Article 30 of the GDPR.

IT Services from Sharp
With a team of friendly, consultative technical experts, we will help you achieve your organisation or business goals now and in the future. Whether you are looking to make changes to your IT to allow for remote working, or need a scalable solution to allow for your growth plans, we understand that IT can be a big investment. It is critical that you can trust and rely on your IT Partner, which is why we get to know you and your teams and become an extension of your organisation. Contact us today to find out more.