Cyber securing your company without the ISO27001 certification: 5 tactical tips

ISO27001 certification. You have probably heard the term by now, whether you own a business, are employed, or have read earlier Compleye articles. In the latter case, kudos! ISO27001 is the certification that specifically deals with the security of data. Is the certification convenient? Undeniably. Is it mandatory or necessary to properly handle cyber security within your business? No. If your company is not in a position to afford the certification right now, or if you have another reason not to go through certification, you can still deal with cyber security. How? With our 5 tips.

What is cyber security?

In easy terminology – not underestimating you, just trying to keep life as simple as possible – cyber security is the practice of securing networks, resources, and systems from digital attacks. This means that anytime you take measures to protect a system or network from cyber attacks, you are practicing cyber security. Child’s play, right? Ok, not really, but you don’t have to be a whiz kid to survive and thrive in security matters.

5 tips on ISO-less cyber security within your business: 

  1. Educate. Before you think about software that can protect your data, you should focus on the people who work with this data. As long as there are human beings, of flesh and bone, busy with the data in a company and it’s not fully automated, you are always at risk of errors. This is why it’s super important to educate your employees about cyber security. Teach the people in your company the things they need to know, make sure they are aware of the risks, and provide them with good and consistent training. For smaller companies, it would even be a good idea to do these security trainings more than once a year. Every 6 months, at the very least, could be a good starting point. Maybe you can bring some cookies (real ones, not those annoying text files with small pieces of data).
  2. Encrypt private data. This should be a must, even if you’re a small company, because encryption is essential for protecting users’ online activities. Data encryption secures digital data that is transmitted or kept in the cloud and on computer systems. It conceals data by scrambling it, so that anyone who tries to view it can only see random information. Surprise, surprise, hackers.
  3. Encrypt hardware. Every device has hardware, which can be encrypted separately from the device’s operating system. We highly suggest that you use this if you want to keep up with your cyber security. Want to know why? Let’s say that your laptop gets stolen. Super frustrating, obviously, but at least you don’t have to worry about anyone getting into your data.
  4. Use firewalls. A firewall is not only a very cool sounding word, but also (and more so) an essential part of your business’ security system. Every operating system should have a firewall, since it defends your business by stopping threats before they make it into your network.
  5. Install anti-malware. This can help prevent malware attacks by scanning all incoming data and stopping malware from being installed and infecting your computer. Anti-malware can be considered tricky, though. If you work at a company, but you work on your own device, how does a company install anti-malware on your device without disrespecting your privacy or being invasive? Fortunately, the solution is simple. If your company wants anti-malware to be installed on employees’ devices, it should provide the employees with devices. Amen.

Now, sit back and relax. If you are not able or not willing to go for the ISO27001 certification, you can still make sure your company is handling its cyber security correctly and sufficiently with the 5 tips above.

Bring it on, cybercriminals and viruses!

Curious for more? Contact us at!