Can I ask you 64 questions?

If you are a small business owner it can be difficult to know whether you’ve taken reasonable steps to protect your company (and customer’s) data. I say reasonable steps because that’s the phrase that the Information Commissioners Office (ICO) uses when mitigating their response to data breaches.

So what is a ‘reasonable step’. For example, if I were to ask you the following question;

When you first receive an internet router or hardware firewall device it will have had a default password on it. Has this initial password been changed on all such devices?

and your answer would be YES !

or perhaps more verbosely;

Yes, as part of our device hardening procedure we change the default password on all network hardware before it is connected to our network.

You could then include this statement in your standing instructions to your IT supplier and in your staff documentation.

So far, so sensible. If we agree that the question above is a reasonable question to ask, because it makes us think about the data security of our network, then can we think of more questions that should also be asked?

Luckily, we don’t have to, because the government scheme called Cyber Essentials provides us with a list of 64 questions that, when used as a basis for securing your systems, go a long way to improving your data security.

Let’s take another one;

Do all your users and administrators use passwords of at least 8 characters?

As you can see, these are not questions you would answer “No” to. They are prompts that encourage you to think about the security of your network and the data within it.

Cyber Essentials provides a series of questions and recommendations. Once you have made the changes prompted by the questions posed, you upload your answers to a government portal and receive (in return) a certification for CE (Cyber Essentials) and for most, a year’s Cyber insurance. There is a £300 fee and you can do it all yourself, or employ some help (including from us) to get you ready.

These are questions that you should be asking anyway – it’s just that the hard work has already be done for you, in 64 questions.