Cyber security is not just a technical issue, but a business one. Businesses rely on collaboration with clients, suppliers, partners and colleagues to deliver value and achieve their goals. However, collaboration also exposes businesses to cyber risks, such as data breaches, ransomware, phishing and denial-of-service attacks. These can have serious consequences, such as reputational damage, financial losses, legal liabilities and operational disruptions.
To protect your business from these threats, you need to adopt a cyber security culture that covers both your internal and external collaboration. This means ensuring that you and your collaborators have the appropriate policies, processes and practices in place to safeguard your data and systems. One way to do this is to follow frameworks such as the Cyber Essentials scheme, a government-backed, industry-supported initiative that helps organisations of any size and sector improve their cyber security.
What is Cyber Essentials?
Cyber Essentials is a set of basic technical controls that organisations should have in place to protect themselves against common online security threats. The scheme was launched in 2014 by the UK government and is overseen by the National Cyber Security Centre (NCSC). The scheme has two levels of certification: Cyber Essentials and Cyber Essentials Plus. The former requires a self-assessment questionnaire and an external vulnerability scan, while the latter requires an additional internal scan and an on-site assessment by an accredited assessor.
The scheme covers five key areas of cyber security:
- Secure configuration: ensuring that your devices and software are configured securely and updated regularly.
- Firewalls and gateways: preventing unauthorised access to your network and devices by using firewalls and other boundary devices.
- Access control: limiting access to your data and systems by using strong passwords, multi-factor authentication and the principle of least privilege.
- Malware protection: preventing and detecting malware infections by using antivirus software, email filtering and web security tools.
- Patch management: fixing vulnerabilities in your software and firmware by applying patches and updates as soon as they are available.
By implementing these controls, you can reduce your exposure to 80% of the most common cyber attacks. You can also demonstrate your commitment to cyber security to your customers and suppliers, as well as comply with the government’s requirements for bidding for certain contracts involving sensitive and personal information.
How to collaborate securely using the right tools
Collaboration is essential for business success, but it also introduces cyber risks. To mitigate these risks, you need to ensure that your collaboration tools and platforms are secure and that your collaborators follow good cyber security practices. Here are some tips on how to collaborate securely with Cyber Essentials:
Choose secure tools and platforms:
When selecting collaboration tools and platforms, such as email, cloud storage, video conferencing and project management software, you should consider their security features and reputation. You should also check their terms and conditions, privacy policies and data protection agreements to understand how they handle your data and what rights and responsibilities you have. Avoid using personal or unauthorised devices and accounts for business purposes, as they may not have the same level of security as your official ones. Some examples of secure collaboration tools and platforms are Microsoft 365, Google Workspace, and Miro.
Configure your collaboration tools and platforms securely:
Once you have chosen your collaboration tools and platforms, you should configure them securely according to the Cyber Essentials guidelines. This means enabling encryption, firewalls, antivirus, backups and other security settings. You should also update your tools and platforms regularly to fix any vulnerabilities and improve their performance. Try to avoid using default or weak passwords, and instead use strong and unique passwords for each account. Wherever possible enable multi-factor authentication, where possible, to add an extra layer of security to your login process.
Educate your collaborators about cyber security:
Cyber security is not only a technical issue, but also a human one. Educating your team about the cyber threats they may face and the best practices they should follow to prevent and respond to them. Establishing clear and consistent policies and procedures for your collaboration, such as who can access what data, how to share data securely, how to report incidents and how to handle breaches. You should also monitor and audit your collaboration activities to ensure compliance and identify any issues or gaps.
Get certified with Cyber Essentials:
Getting certified with Cyber Essentials is a great way to show your collaborators that you take cyber security seriously and that you have the necessary controls in place to protect your data and systems. It can also help you to win new business, as some customers and suppliers may prefer or require working with certified organisations. To get certified with Cyber Essentials, you can find more information and guidance on our website.
How to share files securely
File sharing is a common and convenient way of collaborating with your clients, suppliers, partners and colleagues. However, file sharing also poses cyber risks, such as data leakage, malware infection, unauthorised access and modification. To share files securely with Cyber Essentials, you should follow these steps:
Choose a secure file sharing service:
Use a file sharing service that offers encryption, access control, version control, audit logs and other security features. You should also check the service’s terms and conditions, privacy policies and data protection agreements to understand how they handle your files and what rights and responsibilities you have. Avoid using personal or unauthorised services for business purposes, as they may not have the same level of security as your official ones. Some examples of secure file sharing services are OneDrive, Dropbox, and Box.
Upload your files securely:
Upload your files securely by using a strong and unique password, multi-factor authentication and a secure connection (HTTPS). You should also scan your files for malware before uploading them and encrypt them if they contain sensitive or personal information. Also backup your files regularly to prevent data loss in case of a cyber attack or a technical failure.
Share your files securely:
Share your files securely by using the appropriate permissions and settings. You should only share your files with the intended recipients and limit their access to what they need. Set an expiry date for the shared link and revoke it when it is no longer needed. You should also notify your recipients about the shared files and instruct them on how to access and use them securely. Finally monitor and audit your file sharing activities to ensure compliance and identify any issues or gaps.
Collaboration is essential for every business and is a large part of working with your clients and team. Equipping your business with the right tools and knowledge will not only help with efficiency but will also keep your organisation safe from cyber threats. Cyber security is a business issue that affects your collaboration with your clients, suppliers, partners and colleagues. By following the Cyber Essentials scheme, you can improve your cyber security and protect your data and systems from common online threats. If you would like to find out more about how to keep your business secure, speak to one of our team today.
