How to build a secure business
Business Owners often ask me about the products and services they should be using to build and run a secure startup or new business. This is what I tell them.
Office 365 or Google Workspace for Email and Documents
When it comes to the essentials of any business - email, calendar and somewhere to store your files, 99% of businesses are best served by using one of the main Cloud services - either Microsoft 365 (Office 365 as was) or Google Workspace. Personally I find the Microsoft offering is more useful for most organisations as it includes Sharepoint which is great for providing a place to store documents and policies that all staff need to be able to find and refer to - but you do need to opt for the ‘Business Premium’ edition to get the bundled cyber security tools to best protect your business. We look after configuring, security and managing our clients Office365 and GSuite environments as part of our Managed Cyber Team service.
Backup the cloud
Many people do not realise that neither Microsoft or Google provide any guarantee that the files and emails you give them to look after will actually be looked after and still be there tomorrow. In other words, you have to provide your own backup solution to archive emails and documents and also allow you to recover a file accidentally deleted or over written. Backups are also your best defence against ransomware. (Google Drive and OneDrive do not count, ransomeware will trash all those files as well if it gets onto your system)
We provide all our clients with backups for the Microsoft and Google environments using our own solution - Cool Waters Cloud Backup
Secure PC and Servers
Every PC and Server needs to be protected against malware (viruses, ransomware and other malicious code). We provide SentinelOne to all our clients along with 24*7 monitoring and support from our Security Operations Centre (SOC). This means that if the security alarms go off at 3 in the morning on a Sunday, our SOC team will spring into action to resolve the incident while you keep sleeping.
We can also take it up a level with a managed network Intrusion Detection System coupled with our 24*7 SOC making enterprise grade security available to businesses of any size, and at a surprisingly affordable price point.
Whether you go Windows or Mac is a matter of personal preference - we use both due to some tools only being available for Windows - and for that we use the Windows365 virtual Cloud PC service from Microsoft. The main thing is to ensure all security updates are applied promptly to the operating system and all apps, and get anti-ransomware protection from something like SentinelOne.
Public Website
Run your public website outside your network and use a managed service - you don’t want to get into having to install security patches and updates on your website every week. We’ve been using Squarespace for over 20 years and have never had a problem.
Get Certified
There is no point re-inventing the wheel when to comes to cyber-security, it is always best to go with a proven solution that is well tested. So how do you know your cyber security is done right - and how can you prove that to clients and potential clients? The easy answer is to get your business certified against a well known and trusted cyber security standard. In the UK the four main ones are:
Cyber Essentials - the UK government’s standard from the National Cyber Security Centre - it opens the door to public sector contracts and includes free cyber insurance
Cyber Assurance - from the same people who run Cyber Essentials, this increases the scope to include Data Protection, GDPR compliance and Business Continuity
ISO27001 - the internationally recognised gold standard for information security
PCI-DSS - the international standard required if you handle card payments