Our cybersecurity checklist

Cybersecurity is a challenging subject for businesses. We’re bombarded with headlines about the danger of cyber-attacks, but it can be really difficult to know if you’re doing enough to prevent them. Many businesses will likely have put a plan in place some time ago, but it may now be out of date. Threats change, and our approach has to evolve with them. At Chalvington, we want to help.

We’re Cyber Essentials Plus accredited, and offer a cybersecurity service that can help your business reach this status as well. This involves ensuring that you’re following best practice, and we’re going to share some pointers with you today. Here are 10 things that should be top of your cybersecurity checklist.

1: Know what you’re working with

The first step to any great cybersecurity policy is to get organised. You need to know exactly what you’re working with. When was your last cybersecurity assessment? How old are the measures you currently have in place? What hardware and software does your business use? These are all questions to answer before you really get started.

2: Get backups in place – especially for remote workers

Remote working offers your business a great level of flexibility, but it does potentially create cybersecurity threats. Your remote staff are likely using their personal devices for work more than ever. If these devices are lost or compromised, where is your data going? You need to ensure your files and data are consistently backed up to the cloud, on a regular basis – not just once a year!

3: Ensure your firewalls are up to date

Firewalls are your network’s first line of defence against cybersecurity threats. You need to ensure that you’re equipped with one that can handle even the most advanced threats to your business. At Chalvington we offer Next-Generation Firewall or NGFW solutions. These use machine learning to detect threats that consumer-grade solutions are more liable to miss.

4: Check your operating system supports you

It sounds fairly obvious, but updating your OS on staff devices as well as your business’ servers can counter many potentially disastrous cyber-attacks. We remotely monitor devices and servers to ensure they’re kept up to date. It’s also worth updating services like Microsoft, CRM systems, and financial software regularly. They’ll release patches in response to new threats. If you don’t update, you won’t be protected from those threats.

5: Train your staff

Staff training is a great way to prevent cybersecurity intrusions. Most common forms of attack, such as phishing, are reliant on human error to succeed, so ensuring your team can spot a threat can give you some real peace of mind. At Chalvington we can help them to spot threats using our user awareness service.

6: Put a spam filter in place

While cyber attackers frequently diversify their strategies, most will still use fraudulent emails to attack your business. You can stop your team from being exposed to these emails by using, and updating your spam filters. At Chalvington, we can help you source and manage a solution that’s right for you.

7: Ensure your password policy is up to date

We’ve come across some fairly shocking passwords in our time. From “123” to “Password” to “[Companyname1]”, none will secure your business against attacks for very long. You need to ensure that your team all follow strict password guidelines, keeping them secure through a password management service. It’s also worth limiting user access for some of your most important services.

8: Use MFA

MFA or multi-factor authentication is becoming much more popular for businesses, and for good reason. It adds an extra layer of security to your most important software. It means that if a member of your team does for some reason fall for a phishing attempt or a password falls into the wrong hands, criminals are still not given access to your business systems.

9: Secure mobile devices

As we mentioned before, remote working is here to stay. You need to ensure your cybersecurity policy accommodates these flexible practices. MDM software can help to ensure that cyber-criminals never gain access to your team’s mobiles or tablets. If a device is lost or stolen, you can remotely wipe their data to stop it falling into the wrong hands. It’s the last piece of the puzzle in terms of endpoint security.

10: Have a disaster response policy

If something does go wrong, how do you respond to it? You need to have a plan in place to recover data, restore systems and mitigate any security incidents, should they occur. Backups play a big role here, and if you keep them updated, you can potentially recover your data from attackers without paying their extortionate ransoms. These policies are also often required to comply with data usage regulations.

If you want to read more about disaster recovery, we’ve covered it in detail here.