Small Business Cyber Security Made Easy: Building Resilience on Three Pillars

Passwords, People Centric Security, Risk Management

In the world of cyber security, there are three core pillars that form the foundation of your defence: people, processes, and technology. Each pillar holds equal weight and priority, with each being essential in safeguarding small and medium-sized businesses from ever-evolving cyber threats.
In this blog we’re going to explore these pillars, looking at why they’re so important, the risks each one presents to your company and how you can mitigate those risks with cyber security best practices and frameworks.

People: Your Human Firewall

When we talk about people, we’re talking about the employees and stakeholders responsible for maintaining information security within your organisation – that’s not only those who manage the security but also those who have access to it.
Your team is the first line of defence in your cyber security strategy, but they can also pose significant risks. Team members can fall victim to phishing emails or use weak passwords, we know that human error is a common entry point for cyber attacks. In fact, Verizon’s 2023 Data Breach Investigations Report states “74% of breaches involved the human element through error, privilege misuse, use of stolen credentials or social engineering. ”

of breaches involved external actors—with the majority being financially motivated.

of breaches involved the human element, which includes social engineering attacks, errors or misuse.

of all social engineering attacks are pretexting incidents—nearly double last year’s total.

Mitigating these risks through thorough training programs and regular awareness campaigns is essential, educating employees about the threats and best practices can significantly reduce the likelihood of a breach. Equally, this video from the National Cyber Security Centre (NCSC), helps us to recognise the importance of our people, People: the unsung heroes of cyber security in our story; should you consider a more people-centric cyber security approach? Identifying those areas of friction within your business which cause individuals to bend the rules will not only allow you the opportunity to improve processes and solutions, but show your employees you have listened to their concerns.

Processes: The Backbone of Your Security

Within cyber security, processes refer to the policies and procedures that guide your information security practices. Robust processes are crucial for ensuring your cyber security measures are effective as without clear protocols for software updates, data backups, and incident response plans, your business is vulnerable.
We talk about governance a lot, making sure you have the right policies and procedures in place to protect your security. Implementing and regularly reviewing these processes is vital for maintaining your strong security posture. In the event of a breach, for example, having a well-defined incident response plan can minimise its impact and ensure a swift recovery.

Technology: Your Digital Shield

In cyber security, technology refers to the tools and solutions used to protect your information assets. While people and processes are integral, the right technology acts as the final layer of defence.
It’s not just about having the latest tools – it’s about ensuring their seamless integration into your infrastructure. Have you invested in firewalls, encryption, and other secure technologies? Or considered how implementing multi-factor authentication might significantly reduce the risk of unauthorised access? Adding this extra layer of protection is something we talked about in our blog Passwords Please.

Cyber Security: The Synergy of the Three Pillars

Let’s look at an example of how the pillars work together for your cyber security.
Consider a company in which an employee unfortunately fell victim to a phishing attack. While the people pillar may have faltered, strong processes and technology should act as a backup. Regularly backing up data and having robust technology in place will minimise the impact of the breach and facilitate a speedy recovery.
Considering the impact of malware, let’s review how your cyber security is supported by these three pillars. We’ll use the people, process, and technology headings below to identify how these are layered to increase your organisation’s protection.

People – Staff training will be implemented to help spot phishing emails and other suspicious links or files. It’s essential to keep this updated with the latest threats such as the increase in HMRC-like spam emails which occurred in January.
Process – Ensure you have a process for staff to follow if they suspect they have received malicious files or links. Who do they report this to? Can it be reported easily if they inadvertently click on malicious files or links? Is there a process in place?
Technology – Anti-malware software should be installed, updated daily, and set to scan for malicious webpages as well as email threats.

By understanding and prioritising the three pillars of cyber security – people, processes, and technology – you can increase your company’s resilience against cyber threats.
The Cyber Essentials program we provide is designed to empower small businesses with the knowledge and tools to enhance their cyber security posture. By focusing on all three pillars, we’ll help you safeguard your digital assets effectively.
If you’d like to find out more about how we can help you, get in touch.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
AWSALBCORS	7 days	This cookie is managed by Amazon Web Services and is used for load balancing.
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The GDPR Cookie Consent plugin sets the cookie to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie stores user consent for cookies in the category "Others".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
icwp-wpsf-notbot	1 minute	This cookie, set by wordpress, is used for Bot Management.
shield-notbot-nonce	1 minute	For all visitors and users, a temporary cookie is used to provide a nonce value for the NotBot system. This cookie is used to overcome limitations imposed by WP page caching plugins that don’t allow the updating of on-page nonce values. We send the nonce value via a cookie to ensure the client has access to the latest, valid nonce. This cookie doesn’t track anything or is linked to any users or visitors. It simply provide data required by the NotBot system to complete requests successfully.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_gat_gtag_UA_176941806_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.