Cyber Security

Simple, smart, one step ahead.

More and more devices, more and more connections and more reliance on information and networks mean a much wider and more open attack surface for cyber criminals.

People – Processes – Technology

Your People, Processes and Technology must work together to protect your organisation from cyber attacks.

And in the event of an attack, it’s your People, Processes and Technology that will respond quickly to minimise damage and restore your business operation.

Key Security Considerations for your People, Processes and Technology

People

Passwords – Have your people use strong passwords that combine upper case, lower case, numbers and special characters. Make sure they use a unique password for each web site, changed regularly and not written down. The longer the password the better, so consider using passphrases, which are harder to crack through brute-force attacks. Use multi-factor authentication wherever possible.

Phishing – Continually educate your staff and reinforce the dangers of phishing attacks. Show examples of phishing emails, and give your people a way to report suspected phishing emails.

External drives – USB drives, SD cards and external HDDs are common sources of malware.

Public wifi – Provide your mobile staff with 4G connectivity rather than have them use public wifi. Public wifi is unencrypted and often a target for cyber criminals.

Processes

Back-up – Back up your data regularly and store it off site. Keep multiple copies of your data and keep them secure.

Lock – Ensure device locks are activated and remote wipe is enabled, so if your device is unattended or lost/stolen, criminals can’t

Segment – Identify and segment your most valuable data. Restrict access on an as-needed basis: who needs to see what information, when and where from.

Check – Any request to change a supplier's payee details should be confirmed on the phone or face to face (a form of second-factor authentication). Bogus boss attacks are becoming more sophisticated and frequent. Cyber criminals imitate the manager and ask to change the account details of a regular known supplier and to pay them urgently. The account details are actually those of a cyber criminal.

Restrict – Restrict administration privileges so that staff cannot make unauthorised changes or use unknown or unapproved applications, or unapproved devices.

Technology

Antivirus – Ensure antivirus and malware protection software is deployed on all devices and kept up to date.

Patch – Ensure all operating systems and all applications are fully patched promptly, ideally within 24 hours of a patch being released.

Firewalls – Deploy and manage next-generation firewalls to inspect and manage access to your network in accordance with your policy.

Encrypt – Encrypt your most valuable data, particularly your valuable stored (at rest) data. Also consider encrypting data in transit, particularly your high-value data.

DNS filtering – Use DNS filtering to make sure your staff stay away from bad online neighbourhoods.

Email security – Use email security to help block email-borne viruses, spam, malware and other inbound email threats.

Acumentous can help to:

  • Assess the risk and plan your security posture.
  • Detect and protect your organisation from threats.
  • Respond and restore after an incident.
