Cyber security has become a growing concern for firms across the globe. Fearing data breaches, accidental loss of data and the associated damage to reputation, firms should be worried if the following basic structures are not in place.

Are your devices encrypted? What happens when an employee laptop, tablet or phone is misplaced or stolen? Encrypting drives takes minimal effort and ensures that the device and associated data remains protected if the device falls into the wrong hands. Laptops and mobile devices are a primary source of data breaches. 

Regular security audits ensure that your firms infrastructure is patched and up to date and potential network vulnerabilities are identified and addressed. Regular security audits should evaluate the firms entire technology ecosystem. 

BYOD (Bring your own device). Many firms allow employees to use their own devices to access email. This works in principle, however consider the scenario where an employee departs the firm. There could be weeks, months or years’ worth of company email on a device which doesn’t belong to the firm. Yes, an employee email account can be disabled, stopping them sending and receiving emails. Yes, their email can be accessed from HQ, however, unless the firm has a MDM (Mobile Device Management) solution in place, there is no clear method for removing this data. BYOD devices should be protected by biometrics, pin or password as a minimum.

Password policies - adopt the 4 + 1 rule. Does your firm have a password policy in place? If so, are users forced to change their password on scheduled dates throughout the year? Use eight characters with one upper and one lower case, a special character like as asterisk and a number. The more random the better. Well-constructed passwords put a good lock on the online front door of your company.

Have a business continuity plan. Firms generate large amounts of data and this data changes constantly. Data can be lost, compromised, or stolen through ransomware or human error. Loss of data will result in significant business disruption. Ensuring a business continuity plan is in place mitigates against this risk. Firms should also routinely verify backups, to validate data contained within the backup and ensure it's accessible if a restore is required.

Common sense perhaps, until you read a recent survey which suggests that 48% of businesses have no cyber security policy in place.