Where to start with Cyber Security

November 23, 2022

The term cyber gives the impression of being overly complicated, expensive and generally an IT problem.

There are some quick wins you can do to improve your cyber security and start to become secure. These include patching, firewalls, passwords, backups and staff awareness. By familiarising yourself with some of the basics, you can begin to make changes to your business and improve your security.

Cyber has an impact on a whole company and you should benefit from knowing the basics and the initial steps to secure yourself without spending money.


Patching is running updates on your devices and software to ensure that you are operating on the latest version.

According to the Cyber Security Breaches Survey 2022, only 37% of companies have a patching policy or process defined[1].

This can usually be set to automatically take place for both devices and software. It is strongly recommended to enable automated patching to ensure you are running the most secure version. For larger networks, it is best practice to have a staged rollout plan to test the patches and make sure your critical servers don’t get taken out in the process.

For those who want to take this one step further, a vulnerability scanner or vulnerability management service can be sought to constantly report on your patching status to make sure nothing has been missed.


A Firewall is a physical device or piece of software that protects you from the rest of the internet when using your device.

This section can be split into 2 areas depending on the organisation. If you’re a business with home workers, no dedicated offices and you store company data in the cloud or on a laptop, then making sure you have the software firewall on your computer turned on and have anti-virus on all devices is crucial. By combining anti-virus software and the computers software firewall, you are significantly reducing the risk of being hacked.

For businesses which have an office space and multiple networks, it is important to not only have a physical firewall for your office, but also a software firewall on your devices adding that extra layer of protection. This will also protect data whilst in transit between your office network and individual devices.


Now for everyone’s favourite topic… Passwords! This is one of the most talked about topics in cyber security and there is a continuous battle between useability and security. Everyone must remember personal and business passwords which can be complicated (including numbers and symbols) leading them to use the same ones for both.

You should consider a password policy that enforces strong passwords. This should include a minimum of 8 characters and contain upper and lower case letters, numbers and symbols. Where possible you should enable multi-factor authentication. There are plenty of apps out there to help users that can be used as multi-factor authentication. Enabling this means you don’t need to change your password frequently. You only need to change it if you suspect it has been compromised.


Backup, backup, backup… this is no joke. You should always set your system to automatically copy data to a different location (where it is safe).

By saving your data to a different location, you are preventing that embarrassing moment of having to recreate documents if something goes wrong with your device. It will save you a lot of time and potentially money if your files become corrupt or destroyed.

Frequent regular backups will let you go to sleep knowing your data is safe. By taking regular backups, you can restore your data to a previous state if it’s lost. For example, if your server is damage or you suffer a ransomware attack, your data will not be lost thanks to the backup.


Creating a security culture is key to stay Cyber Secure.

In the Cyber Security Breaches Survey 2022, 83% of business identified being attacked by phishing, yet only 29% of businesses conducted some form of staff training.

Making everyone aware of security policies and how to spot phishing emails is key to raising awareness and preventing a cyber-attack. You can train staff on some of the basic best practices and what to look out for to avoid being scammed.

The key is making staff feel comfortable to questions others if they do not recognise them or are unsure about an email they received. It is also important to make them feel confident that when they make a mistake, they should report it without the fear of consequences. They should be thanked for helping the company respond quicker and following the right process.

If you are looking for further advice on where to start or if you need support in getting cyber secure give us a call.


[1] https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022#overview