Review your risk management plan regularly. Take the following steps to ensure that your risk is minimised and appropriately managed:
- Regularly test, monitor and improve your security controls to manage any change in the level of risk to your IT equipment, services and information.
- Remove any software or IT equipment that you no longer require. Ensure that sensitive data is fully removed before disposal.
- Review and manage any change in user access. Ensure user accounts are deleted when members of staff leave the business.
- In the aftermath of an attack, ensure any ongoing threat, such as malware, has been removed. Identify the cause of the incident and address any gaps in your security that it has exposed.
- If you fall victim to online fraud or attack, you should report the incident to the police via the Action Fraud website. You may also need to notify your customers and suppliers if their data has been compromised or lost.
Source of Information
Information taken from the HM Government publication “Small businesses: What you need to know about cyber security”.
Reproduced under the Open Government Licence.