National Computer Security Day (30 November) raises awareness of cyber security issues and online security. Cybercrime is indiscriminate, and it doesn't matter whether you are a sole trader, SME, charity, school, or a large chain to be at risk. What does matter is whether you have the vulnerability the criminal is looking to exploit, and this is why computer security is so important

Why Should I Improve Computer Security?

Firstly, by ensuring information is protected, you are preventing the cybercriminal from committing identity theft, blackmail and fraud. It's also essential for your computer's overall health - by preventing viruses and malware from taking hold, you ensure your devices and software can run smoothly.

Three Simple Steps For Computer Security

There are simple steps that can make your devices and network more secure:

• Strong passwords

• Multi-factor authentication

• Staff training

With these critical security steps above, you must consider supporting this with an IT security policy.

IT Security Policy

An IT security policy will define what behaviour is and isn't allowed and should apply equally to management and employees alike. We recently spoke with a business that provided IT support, and one of their clients was hit three times in quick succession by ransomware.

It turned out that the managing director had told the admin staff that if any email arrived with an invoice, they were to open it, despite this being contrary to the training they had received on identifying phishing emails and the dangers of opening unknown files!

IT and Security Policy Considerations

When creating an IT security policy, it is crucial to understand what you are trying to protect, why you are protecting it, and the consequences if you don't. Consider what is an acceptable use of your IT systems and ways to protect them. Don't forget strong password policies, access privileges, data protection, internet and email use, and reporting security breaches.

Remember, an IT security policy should not be a lengthy document that sits on the 'e-shelf'! It should be easily accessible to all staff and easily understood. It doesn't matter how good your IT security policy or implemented technical security controls are; the most robust safety measure comes from your people. Ensuring they understand why it's there and the reason for its implementation is crucial in the fight against cybercrime.

IT and Computer Security Policy Reviews

At the Cyber Resilience Centre for Wales, we offer a security policy review service through CyberPath. This service reviews your current security policy, its language and implementation. It includes a comprehensive gap analysis and plain language recommendations based on your current policy, risk management, and business.

To learn more, contact, us at enquiries@wcrcentre.co.uk