Every month Synergy48 Group members invite a select group of 20 clients to attend a Knowledge Sharing Dinner with a panel of 4 business specialists from different professions to discuss a different business issue. As part of the agenda the panelists participate in a Q & A session and each panelist provides attendees with a checklist outlining business best practice in relation to the issue under discussion. All attendees have the opportunity to review the elements in the checklist directly with panel members to determine how they relate to their business. Attendees leave the dinner with a detailed action plan for achieving best practice in their business.
This month’s action plan
Best practice checklist for protecting your business online
For each item on the checklist mark it as: completed, not applicable for your business, or high/medium/low priority for action.
From an IT Security perspective (Damien Battersby, Proactive IT Solutions)
- We schedule regular (at least annual) security reviews with an IT Security expert to assess risks and impacts of a cyber attack.
- We have a prioritised plan which lists the items we need to implement to improve IT security.
- We have multi-factor authentication for cloud systems including email in place.
- We follow best-practice password policies and use a password manager.
- We have a Cyber Attack Disaster Recovery plan which allows for rapid recovery during and after a cyber attack.
From an SEO and brand management perspective (Ian Hopkinson, Mad Scientist Digital)
- Our website is on secure hosting with a reputable company and has a site wide SSL certificate
- Our hosting provider and/or administrator blocks all IP addresses except those with permission to log in, and we have unique passwords that cannot be guessed by hackers or the like
- We have a procedure in place for regular password sweeps (a staff member leaving may trigger this event)
- We update our CMS and plugins on a regular basis (monthly recommended)
- We monitor the uptime and downtime of our website (via services such as “Pingdom”)
- We have Captchas installed on all web forms
- We have a Robots.txt installed to ‘ask’ Google not to crawl particular pages on our website (member logins etc)
- Our SEO provider has checked and verified the quality of links pointing to our site
- Our SEO provider has explained how and when these links were created
- We have explored blocking certain countries from crawling our website
- We track site visitors via Google Analytics, Google Search Console and Video Tracking
- We monitor all online communications and seek to respond in a timely manner to positive and negative feedback where appropriate (some may be spam or fake)
- We engage our customers across multiple online platforms in a way that seeks to learn from them and improve our product
- We have a social media policy for all online communications
From a commercial law perspective (Harvey Bowlt, Bowlt Commercial Lawyers)
- We have proper employment contracts, which deal with confidentiality, intellectual property and non-solicitation of customers, suppliers and other employees on termination.
- We have proper workplace policies dealing with the usage of computers, phones and other electronic devices and social media usage.
- We have an ongoing education program for our employees regarding the risks of doing business on the Internet and cyber security issues and we have an education program in place for new employees.
- We have appropriate terms and conditions and other core contracts for our business.
- We have checked that we are not infringing the copyright or trade marks of any other businesses (for businesses with an online marketing presence).
- We have registered patents, trade marks or designs to protect our own products and brands.
From a Risk Management and Insurance perspective (Peter Ligdopoulos, Delphic Insurance)
- We are aware of how cyber risk affects all aspects of our business and understand how it can impact it
- We have evaluated the exposure and formalised processes and procedures to mitigate the risk of disruption from an event
- We have company wide engagement programs to ensure that policies are understood and followed by employees
- We have a business continuity plan and/or a disaster recovery plan in place
- We have implemented a risk remediation programme to address gaps, and sought expert advice to purchase insurance to cover those that cannot be remediated.
- We are confident that our insurance policies adhere to our contractual obligations, including software licences and SaaS agreements.
- We are confident that our insurance provider is aware of, and complements, our post breach planning.
- We have considered the hidden cyber element of other business risks and made amendments to these policies.