Home > 

Blogs > 

Steps Cyber Security

10 Steps to Cyber Security

by Charlotte Houghton - 7 October 2020


October is Cyber Security Awareness Month. Given the rise in online businesses and home working as a result of Covid-19, we wanted to share some tips on improving cyber security in your small business.

The National Cyber Security Centre has outlined 10 Steps to Cyber Security, which we have explored in our latest infographic.

Risk Management Regime:

Establish a governance framework and produce policies to support risk management objectives. Risk management should be demonstrated at every level of the business and appropriate training should be given that reflects each role. Ensure security controls are up to date and appropriate.

Secure Configuration:

Implement configuration control and change management processes for all systems. Set a secure baseline build for all systems and components. Remove unnecessary functionality from systems and quickly fix vulnerabilities. Limit user ability to change configuration and privileged user functionality.

Home and Mobile Working:

Develop a home working policy and educate staff to operate securely by following clear procedures. Apply a secure baseline build and configuration for all types of mobile devices used. Protect data in transit and at rest.

Incident Management:

Develop and maintain your incident management policies, processes & plans and test them. Define specific individuals to handle incidents and ensure they are fully trained. Establish a data recovery capability, analyse post-incident evidence and report criminal incidents to law enforcement.

Malware Prevention:

Develop and implement anti-malware policies and establish malware defences. Manage all data imports & exports and blocks access to known malicious sites. Educate users to understand the risks.

Managing User Privileges:

Establish policies and educate users of their personal responsibility to adhere to corporate security policies. Limit the number and use of privileged accounts. Control access to the audit system and logs and ensure that all privileged user access is recorded.


Establish a monitoring strategy and align the incident management policies. Monitor user activity and inbound & outbound traffic traversing network boundaries to identify unusual activity that could indicate attacks.

Network Security:

Protect the network perimeter. Manage inbound and outbound network connections and scan for malicious content. Protect the internal network and ensure that there is no direct routing between internal and external networks

Removable Media Controls:

Implement policies to control the use of removable media. Automatically scan removable media for malware when it is introduced to any system. Limit the use of removable media, but when it is needed it should be formally issued and users should be educated on its use.

User Education and Awareness:

Produce a user security policy and train all new starters on it. Conduct regular refresher training on the security risks to the organisation and monitor its effectiveness. Promote an incident reporting culture and establish a formal disciplinary process for those who abuse the policies.

Businesses of all sizes rely on information technology infrastructure to some degree and are therefore exposed to the potential risks of cyber-crime. However, SME’s can be particularly vulnerable to attacks as they may not have the resources or capabilities to deal with a cyber-event.

Cyber insurance is a specialised form of insurance cover that aims to help protect businesses from the effects of digital attacks such as data breaches or cyber hacks. For more information about Cyber Insurance and to get a quote, speak to the team on 08081 68 68 68 or get your online quote now.