It's well known that human error is the biggest cyber weakness in most organisations! Rectify this by developing a business with strong IT security procedures and a team with awareness of cyber security best practices.

If you have nothing in place, start here. Take a bespoke approach, as no two businesses are exactly alike. Identify your unique vulnerabilities and design policies to protect them. These should include processes for handling sensitive data, take feedback into consideration AND educate your employees to ensure they understand the consequences. Keep your policies simple and clear without jargon.

If your employees use personal tablets, smartphones and laptops for work duties, you need a robust Bring-Your-Own-Device policy. If in doubt head to our Policy Template section on our website for our free downloads.

You need to restrict and control all access points. The simplest way to do this? Password protect everything and start using 2FA - Not heard of two-factor authentication before? Read our handy blog on 2FA here.

Create individual accounts for all your users and always remember to close inactive accounts. Leaving these open creates vulnerabilities! Only give administrative access to trusted and reliable people - Ideally those with strong cyber security awareness or extra training. You can also more effectively monitor who uses the network and from where.

Cyber security awareness training can make all the difference! Cyber attacks prey on curiosity and fear. They often use very simple tricks to lure unsuspecting people into revealing personal information or downloading malicious software. Unaware employees can leave your company vulnerable, especially if they don't understand basic security measures or what to look out for.

Employee training should include Staff Induction training, annual refreshers and highlights from your IT security team, especially of similar incidences elsewhere. No one wants to be the hole in the defences! Providing easy-accessible guidance will help put procedures into everyday practice.

You won't know there's a problem unless your team tells you! Your company needs to foster a culture where incident reporting becomes second nature. This can only happen through continued education on poor security practices and a straightforward means of reporting - Without recrimination or demeaning responses.

Two-way communication between your IT security team and your employees is an absolute must.

Cyber attacks are going to happen - Having an Incident Response Plan in place drastically affects your business's recovery. In the plan, outline exactly what happens after a cyber attack or breach. There are different kinds of cyber crime - so be robust!

Make sure you include a data recovery plan in case of disaster and share your plan with the entire company, so they can follow the plan and react appropriately.

Having a team of cyber security experts is as vital as educating your employees. If you are a small business, you may not have an in-house team to turn to: Do not worry!

There are plenty of outsourced IT companies with professional experience. When employing any IT team, be sure that they also complete annual cyber security audits.

We all have legal regulations we have to meet, especially post-GDPR in the UK! Whatever your industry, you need to ensure that you have the necessary protection and supporting documentation in place.

If you work in a heavily regulated sector, it is critical you meet the highest standards of compliance and can quickly prove it to regulators. Be sure to have standardised IT security procedures across the board and responsive experts you can rely on.

When promoting cyber security in your business, the above steps are intended as a guide to getting you started. Whatever you do, don't just forget about it and leave it until it's too late.

There are tools out there, like Cybsafe, that can massively reduce the human-risk factor by educating your team and improving their cyber security awareness. Contact us to discuss in-house training or get more information about cyber security tools.