It’s coming close to the end of the year and depending on your business sector this can also be the time where all focus is on festive closures and reduced business activities during the festive period. Cyber Security needs to remain a key priority for your business as the festive period can attract unwanted attention from cyber criminals attempting to exploit vulnerabilities to compromise your data, devices and finances.

To provide expert guidance, we’re pleased to be share these '8 tips for keeping your business cyber secure for the festive period' from one of our GM Skills Map providers The North West Cyber Resilience Centre. Stay ahead and get your plans in place for 2023 with additional cyber security training courses available on the GM Skills Map. 

1.Identify your most valuable assets in a cyber security risk assessment

Risk assessments are not new to most business owners, you need to have one for physical risks or financial risks, so why wouldn’t you have one for your security?

Cyber and online security should fall into your security risk assessment, and it should identify information assets that could be affected by a cyber-attack (such as hardware, systems, devices, customer data, intellectual property, social media accounts etc).

2. Do you need to promote your business as unoccupied?

If you were leaving your home unoccupied to go on holiday, you wouldn’t post this on social media or announce it in an email to your whole organisation – so why would you treat your business holiday any differently?

Many businesses are guilty of promoting they will be out of the office during the festive period or that their offices will be closed during certain periods. In doing this, you are practically inviting hackers to explore the weaknesses in your systems and devices whilst you’re enjoying a Christmas break.

3. Make sure you have a Cyber Incident Response Plan - so you're prepared should an attack occur

A cyber security incident response plan provides a process that will help your business, charity or third-sector organisation to prepare for, respond and recover from cyber incidents. 

The incident response plan includes checklists to help businesses to consider the full spectrum of possibilities – from undertaking weekly IT security checks to ensuring you are testing your staff's response to incidents. Click here

The pack also features contributions from law firm Irwin Mitchell, their guidance ensures businesses are aware of the key commercial and legal implications of a cyber incident.

4. Install anti-virus software and don't forget to check it's working!

Cyber threats are constantly changing and adapting to break down our defences, so installing anti-virus software has never been more important. Antivirus software creates a barrier against malware, which is malicious software or viruses designed to cause havoc on your devices.

It would be best if you had antivirus software on all computers and devices and should only install approved software on tablets and smartphones. It is also advised to prevent users from downloading third-party apps from unknown sources.

5. Create strong passwords and take advantage of a password manager

Passwords are the door key to your business and if you don’t feel comfortable giving someone your key then perhaps password123 isn’t the strongest password to use. Having a more complex password that isn’t a pet name, your favourite sports team’s name is a very good place to start.

If you’re using the same one for multiple accounts, the best practice is to change them using three random words and a password manager will help you remember them all.

6. Do you have Multi-factor authentication turned on? 

Multi-factor authentication, (also known as two-step verification), will ask you for multiple verification factors before access can be gained to your online accounts. Often the verification factor might be a one-time password where you are asked to enter a 4-digit code that you receive via SMS, email or through an authenticator app.

Multi-factor authentication provides you with greater assurance that the access request is genuine, which reduces the risk of unauthorised access to your accounts.

7. When did you last backup and update your data?

Take regular backups of your essential data and test if they can be restored. This will reduce the inconvenience of any data loss from theft, fire, or other physical damage or ransomware.

Identify what needs to be backed up (usually documents, photos, emails, and calendars) and ensure the backup device is not permanently connected to the original machine.

Also, be sure to keep your devices and soft­ware updated. Software vulnerabilities are security holes that offer an easy way for cybercriminals to infect your systems.

8. Get prepared for 2023 and check out the cyber security training courses from The North West Cyber Resilience Centre available on GM Skills Map 

Protect your business with security awareness training. Check out the range of Cyber Security course options available now on the GM Skills Map.

Cyber Security Awareness Training (Fully Funded) click here

Simulated Phishing Exercise click here

Internal Vulnerability Assessment click here