Did you know that the average ransomware attack on a business costs thousands of pounds to fix? Wait, what? You own or manage a business but don't know *exactly* what ransomware is, other than it sounds faintly cowboy-like? We hear you. But the thing is, you just can't ignore cybersecurity if you own any kind of business or organisation. Profit-making or non-profit-making, selling awesome products or terrible cologne, cybercriminals just don't care. They want your money. They want your data. They are ruthless - and they never stop working to attack business systems and make them pay.

You have to stay ahead of the game. And that means being prepared, strategic and almost as deviously clever as your average IT cybercriminals (who could be located anywhere in the world, sitting in a cafe, drinking good coffee and attacking your systems on their laptop without a care in the world!)

Don't be a sitting duck. Here are some simple ways to improve IT security at your business, and to boost your cyber security credentials, with the tech equivalent of a moat and army.

1. Take your hardware inventory

Do you know those laptops that are sitting in the marketing cupboard, behind the flyers? Wait, you didn't? OK, it's time to do a thorough inventory of your business hardware - from phones to desktops - and then get a process in place for managing, recording and updating it. Without that knowledge, you could have things disappearing left, right and centre and you'd never know!

2. Do the same with your software...

There are automated tools for doing this - they scan IP address ranges (aka, anything in your business) and analyse the traffic to see what software and devices are being used. This will tell you what you've got and what people are using (it could be enlightening) and then give you the info to keep on top of things. Chances are you'll want to get some pretty clear software policies in place when you see how many employees are playing Tetris quietly when they're supposed to be updating that costing spreadsheet.

3. Get your configurations secure

Remove the 'crapware' from your machines, and any software that you don't need on your servers. It's spring cleaning time! Then ask yourself how many applications are needed on a machine for a staff member to do their job. Bin the rest! You need to be slim, agile and free from clutter - embrace the minimalist ethos and achieve software Zen with this 'rightsize' approach. From this point, you can get egress and ingress filtering in place, documenting all configurations and securing them. Yes, this sounds tremendously boring and it can be. So use an IT consultant who finds it truly fascinating.

4. Defend your boundaries!

Like a vigilant Western cowboy defending his boundaries, you need to deploy blacklists, whitelists, configure outbound controls and get an IDS system in place. Ten-gallon hat and spurs optional.

5. Security Audit logging time

Those audit logs need to be in place. And when they are in place, you need to monitor them to know what's going on in your network and identify any unusual behaviour.

6. Get your application software security sorted

This is another easy one - use Web application firewalls and then application layer security installed to protect every business application from a range of attacks. Learn this phrase 'Multi Factor Authentication' (Click to learn more) as this will significantly boost your cyber security.

7. Think about your admin privileges

Not all of your staff need to be able to access everything. Some staff will need it all - but even they don't need to read Debbie in accounts emails, EVEN IF she has a lively and colourful life that's worth knowing more about. Make sure every user has different passwords and accounts for their non-admin and admin activities.

8. Passwords

YES WE KNOW that 'password!1' is easy to remember, but so do cybercriminals. And yes, there are default user names and passwords that save you so much time... but also, millions of pounds in stolen revenue every year right? Get a password protocol in place.

9. Have a clear data access policy

What data do you need to protect? Where exactly is it? Who needs to see it? How is it controlled? You need a policy! That's great news. Everyone loves making a policy, right? If you don't, call in that IT consultant for a best practice model.

10. Upgrade your malware protection software

Work with your IT specialists to make sure your malware detection software is completely up to date and best in class. These systems aren't even expensive, but they do need updating and deploying across your network. Smile nicely at the team with the tech skills and they'll keep the cybercrime at bay.

11. Delete leavers - fully

Has an employee dared to leave your business? Make them pay. Well, not really, but make sure they are fully excited using a clear process. You must recover the devices that they have assigned to them via your audit and then revoke all privileges and user access. For a sobering case study, consider every business that ended up with a disgruntled ex-employee going to town on their branded social media pages...

12. Train, train, train

You need to build an IT awareness and safety culture and keep on top of communications that show your staff how important this topic is. Start a fascinating debate about malware in the canteen. Gather staff around for a brew on a Friday morning and entrance them with tales of computer viruses. Failing that, implement a solid training, development, communications and monitoring strategy that ensures your people are always up to date and know what's expected of them.

Get the help you need

If you are looking for professionals who can help you improve your cybersecurity, choose Yoozoom.

Yoozoom is the UK's leading specialist provider of business cloud systems. We offer a full range of services to businesses of all kinds and sizes, including our GAP analysis that can help to find weaknesses in your hardware and software and help you to better understand the opportunities and threats your IT systems might face.

Contact us to find out more or sign up to our mailing list for coffee-time newsletters that help you to run a better business. (No spam, we promise)