It’s the first week of 2023 and you’re back at work and feeling rejuvenated, right? Can you say the same for your computer software, devices and systems?

After business closure periods such as the Christmas holidays, Easter and bank holiday weekends, we power up our devices without giving their health or security a second thought. It’s very common that cybercriminals will look to take advantage in times like these to strike, aiming to go unnoticed until you return to the office or until your systems are restarted.

This poses a serious threat to your business as you can't defend against something you don’t know exists. To help you tackle the threat before it wreaks havoc in your systems and on your devices, we've created a Cyber Workout Plan for 2022 to keep your business fit and ready to tackle any cyber security challenge!

The Cyber Workout Plan comprises 12 mini workouts for your business to complete so you can tackle any threats that may have arisen during the festive break.

The 2023 cyber workout plan includes

Cyber Workout One: Password Management

Ensure any passwords you create and use are complex, random, and secure! 64% of individuals reuse passwords over multiple accounts, and in 2021, compromised credentials accounted for 20% of all data breaches!

• Power up your security by switching your passwords to passphrases; this is a series of random words with no relation to one another.
• Introduce a password manager to store your credentials in a secure location - this helps prevent password fatigue.
• Enable multi-factor authentication to your company accounts and devices - adding an extra layer of security to the login process.

Cyber Workout Two: Check for Software Updates

Keep your software up to date! During the winter break, your company devices may need a software update - enabling auto-updates to ensure your technologies have the latest security defences and resolve any potential bug issues.

• Keep track of which versions of the software are installed on your devices so that you can promptly target security updates.
• Install software updates as soon as they become available to fix exploitable bugs in your devices.
• Enable automatic updates for OS, applications, and firmware, where possible.

Cyber Workout Three: Update Your Cyber Incident Response Plan

When did you last test your Cyber Incident Response plan? Ensuring you have a solid and up-to-date ,Cyber Incident Response Plan can minimise the fallout in the event of an attack or breach. Hopefully, you won’t ever need to use it, but it is fundamental to implement!

• If you don’t have a response plan in place, look to implement one throughout your organisation covering data backups, a communications plan, and steps to recovery.
• Once you have your response plan implemented, test this every 6-12 months - this includes looking at how long your backups take to restore your data, what communication methods you use, and who has ownership of each action.

Cyber Workout Four: Take our Free Cyber Health Check

2023 is the year to take control of your cyber health! Whether your business is starting on its cyber security journey, or you would like some peace of mind knowing that your internal capacities are operating as they should be, a cyber security health check is the optimal way to help get you going.

• Our ,Cyber Health Check will help you gain valuable insight into your organisation’s current risk level.
• Identify the gaps in your security so you can implement the appropriate security defences that your business needs.
• Remain compliant with regulations such as the UK GDPR 2021.

Cyber Workout Five: Give your staff Security Awareness Training

Strengthen your human firewall! One of the most effective ways you can strengthen your workforce is through regular ,Security Awareness Training. Businesses can see a 70% reduction in socially engineered cyber threats when effective cyber awareness training is implemented.

• Power up your human firewall with targeted training that equips your staff with the latest guidance to remain cyber secure.
• Ensure training is regularly implemented to help keep your workforce ahead of the curve with the latest security defences.
• Take your training one step further by implementing phishing simulations to keep your people vigilant and robust.

Cyber Workout Six: Vulnerability Assessment

A Network Vulnerability Assessment tests your IT system configuration using the same techniques used by hackers to ensure your company is not wide open to a cyber attack.

We can scan and review your internal networks and systems looking for weaknesses such as poorly maintained or designed systems, insecure Wi-Fi networks, insecure access controls, or opportunities to access and steal sensitive data.

If you've never had a Vulnerability Assessment, make a note to get tested in 2023. Our focus with a ,Network Vulnerability Assessment is to identify weaknesses that might compromise your network. With a plain language report, we can share with you our results alongside simple instructions on how any vulnerabilities might be fixed.

Cyber Workout Seven: Backups, Backups... Backups

All businesses, regardless of size and type, should take regular backups of their important data. Start 2023 with a new backup routine, making sure that your backups are tested so you are confident they can be restored.

Ransomware (and other malware) can often move to attached storage automatically, which means any such backup could also be infected, leaving you with no backup to recover from.

To help keep your files and data safe, you should secure digital backups with a password or encryption and keep them isolated from your network. By doing this, you're ensuring your business can still function following the impact of flood, fire, physical damage, or theft. If you have backups of your data that you can quickly recover, you can't be blackmailed by ransomware attacks.

Cyber Workout Eight: Have you considered a Simulated Phishing Exercise?

Phishing scams are becoming harder to spot, poor grammar and spelling and low-quality versions of recognisable logos are common signs of Phishing attacks. Other things to look out for include checking the sender's email address to see if it looks legitimate or whether a company logo has been manipulated to look legitimate.

By training your employees on what a phishing attack looks like, they are more likely to identify and report scams. Our ,Simulated Phishing Exercise gives you a continuous simulation and training to understand the latest attack techniques, recognise when something looks wrong, and help you stop fraud, data loss and brand damage in its tracks.

Cyber Workout Nine: Do you need Board-Level Training?

New regulations (such as GDPR) as well as high-profile media coverage on the impact of cyber incidents have raised the expectations of partners, shareholders, customers, and the wider public.

Quite simply, organisations - and board members especially - have to get to grips with cyber security. If you are not regularly talking about cyber security at your board meetings, you must start.

The National Cyber Security Centre has produced a ,Board Toolkit to help encourage essential discussions about cyber security to take place between the Board and their technical experts.

Cyber Workout Ten: Implement or Review your Cyber Security Policies

Every business will follow the First Aid or Fire Alarm procedure, so why is cyber security any different?

There are several policies that businesses need to adopt, they include a Bring Your Own Device Policy, Social Media policies and Risk Management/Incident Response policies.

Members of the Cyber Resilience Centre can take advantage of our ,Cyber Security Policy Templates that will help you to identify the gaps within your business. Membership starts from £500, ,learn more today.

Cyber Workout Eleven: Think about your Supply Chain

Cybercriminals target supply chains as a means of reaching the broadest possible audience with their malware. Identifying and compromising one strategically important element is an efficient use of resources and may result in a significant number of infections.

It’s often perceived that small businesses are not big enough to be hit by a supply chain attack, however, it is not about how many people work for you or how many office locations you have. A supply chain attack can be carried out through the systems that you use.

To help you secure your supply chain, you should ensure that your suppliers regularly conduct security audits or have security certifications and put this within your contract with them.

Cyber Workout Twelve: Have you got the Cyber Essentials Certification?

Cyber Essentials is an effective, Government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber-attacks.

The National Cyber Security Centre recently announced they are running a ,funded Cyber Essentials programme which will help small and micro businesses to implement baseline security controls and prevent the most common types of cyber-attacks.

Qualifying organisations will receive around 20 hours of remote support with a Cyber Essentials Assessor. To qualify for this scheme, an organisation must either be:

• a micro or small business (1 to 49 employees) that offers legal-aid services
• a micro or small charity that processes personal data, as defined under GDPR

Fight back against cybercriminals with the North West Cyber Resilience Centre

The North West Cyber Resilience Centre works with businesses, small or large to help reduce cyber-related risks and vulnerabilities and enable companies to follow cyber best practices to avoid these incidents.

To help you to guard your business against cyber-attacks in the way you would protect your premises against fire and flood, we offer a ,free membership package. Membership is hassle-free and, doesn’t commit you to anything that you’ll later be charged for. There are options to upgrade your membership to utilise our ,cyber services, but these upgrades are not compulsory – the crux of the offer is free.