“There were certain things regarding cybersecurity I just assumed my staff would know about. It turns out I was wrong.”
This is what a senior manager said to me recently during a meeting. A member of staff had been caught out by a phishing email. There were plenty of warning signs that the email was a scam; however, on this occasion the recipient missed all of them. Why was that? Were they not paying attention, were they in a rush, or did they not know what to look out for? Thankfully in this case the impact was minor, but it had the potential to be much worse.
I’m sure that everyone reading this article knows that cybersecurity is important, and that a cyber-attack on your business could have devastating consequences. But are you doing anything about it? I don’t just mean that you have anti-virus running and your firewall switched on. Would you know what to do if you suffered a cyber-attack? Have you examined what the impact could be on your company? Do you feel adequately informed about the cyber risk to your business?
For many the answer is often “no”, and when asked why, the reasons range from “I don’t know where to start” and “cyber is too complicated/expensive” to “I don’t believe it’s a risk to my business”. But the fact is, if you’re connected to the internet, you’re vulnerable to a cyber-attack, and just like other business risks, cyber should be managed.
There is a popular phrase in our world – security is a journey and not a destination. No business starts off with excellent cybersecurity. It is not a product that can be lifted off a shelf and implemented. Instead, it’s a journey that you have to make a commitment to starting, in the knowledge that once you are on your way, your business will be far more secure than it was before.
Whether you are a start-up, an SME or an international business, you will travel the same journey. Your scale, risk profile or budget may differ, but you will pass through identical assessment pitstops and threat pitfalls en route.
To get you started on your journey, here are 5 areas for you to focus on. These safeguards are easy to understand and cost little to implement.
1. Back up your data
Identify your essential data and make sure you keep a back-up of it. This can be as simple as a USB stick, a hard drive, or a separate computer. Whatever you use, it should never be left permanently connected to your network. Consider using a cloud storage solution that automatically does the job for you.
2. Malware protection
Malicious software (often known as malware) is software that can cause significant harm to your business. To help protect your data from malware, ensure you have antivirus software installed on all devices. Also make sure that your firewall is turned on. A firewall creates a buffer zone between your network and the internet and comes preinstalled with most operating systems.
3. Software updates
It’s important that you keep all your software, applications and operating systems up-to-date, whether that be on your laptops and PCs or your smartphone and tablets. These updates often contain vital security fixes to known vulnerabilities that could be exploited by a cybercriminal.
4. Strong passwords
Our passwords are crucial when it comes to protecting our data. But ask yourself, are your passwords unique? Do you use different ones for different accounts, or do you repeat them? Do you use personal information such as a name, date of birth or a sports team? If so, you are not alone. After reading this article go and change just one of your passwords to a passphrase using 3 random words. I will get you started – table,coffee,window.
5. Staff education
Of the businesses who suffered a cyber-attack last year, 83% started with a phishing attempt (DCMS, Cybersecurity Breaches Survey 2022). Staff education is key. We can’t expect our team to recognise a phishing email if we are not providing any, or adequate, awareness training to help them identify suspicious requests and deal with them correctly. I take you back to the start of this article and the comment made by a senior manager. We cannot make assumptions about what our staff know. By training everyone you can have a level of confidence that they are aware and better prepared.
Free cyber support
If this article has given you the motivation to start your own cyber journey and you’d like to hear more about how you can make your business more cyber secure, then you’d be very welcome to come along to an event we are hosting with CeeD entitled ‘Your roadmap to better cyber security’. You can join us in person, or virtually, on Wednesday 15 June at ONE Tech Hub, Schoolhill, Aberdeen from 10am. For more information and to register your free place please visit www.converged.co.uk/your-roadmap-to-better-cyber-security/