With almost everything we use at work turning digital, it’s no surprise that you’re now more likely to be a victim of a cyber crime than an old-fashioned burglary. 

As an organisation, you have a legal duty to keep personal and sensitive data protected – a serious GDPR breach could mean a fine of up to €20 million, for a start. And your reputation is at stake if knowledge gets out about poor digital practices.  

Don’t risk it. In just a few simple steps, you can up your company’s cybersecurity. Here are some good starting points the experts recommend. 

Read more in our white paper: Health, Safety and Cyberthreats 

 

1. Make it official 

74% of businesses say cybersecurity is a high priority for senior management – but only 27% have a formal cybersecurity policy.  

A policy makes your organisation’s official procedures clear, and encourages all your staff to read and follow them. A consistently implemented policy means better security all round.

You can use our model policy here: 

Information protection and cybersecurity policy 

 

2. Install the right security software 

Security software is essential for stopping dodgy programs from getting in. Malware protection on all your company’s devices – including mobiles and tablets – is one of your first ports of call against viruses, trojans, spyware, and other digital nasties.   

 

3. Lock your devices down 

Yes, you need to physically secure your gadgets too. This prevents thieves from stealing them, busting in, and accessing your data.  

Experts recommend securing desktop computers to workstations, keeping laptops locked away when they’re not in use, and restricting access to the room with your servers in it. 

 

4. Check your passwords 

Strong passwords are crucial. Most security experts recommend using ones that are eight or more characters long, contain a mix of lower case letters, capitals, numbers, and symbols, and avoid common words. ‘Password123’ won’t cut it.

It’s also important to use different passwords for different accounts, and to change them regularly. And if you need to share one, do so securely, such as through a dedicated app like LastPass. In other words, don’t just jot it down on a Post-it note.  

 

5. Keep private info private 

Storing personal and sensitive data securely is fundamental for complying with the GDPR. All the data you store digitally, including employee details and customer information, should be on an encrypted drive, preferably on a secure server.  

See our GDPR toolkit and our in-depth Data Protection guidance for more information on what you need to do.  

 

6. Update your software 

Developers release regular updates to software, which include vital security patches. Make sure all your software is up to date with the latest version, and encourage your staff to do the same – or force them to, for that matter. That goes particularly for critical programs like web browsers and Microsoft Office.

 

7. Train your staff 

Everyone who uses a connected device is at risk of accidentally causing a breach. That’s why proper training on cybersecurity and device use couldn’t be more important.  

Our Internet and Email use training course is a great place to start, covering topics like network security and passwords. Of course, there’s always more to learn about – and with the internet a fast-moving world, updating that training regularly is just as important.  

 

8. Don’t stop there 

This article gives you just a quick overview of some of our top tips. For more information and full guidance direct from the experts, we recommend: 
