Issues you (expect to) face
- You need to exchange sensitive material with clients, like health data containing PII, but most clients aren't clear about how they safeguard such information.
- Your IT contractors ask you to avoid using email to send assets, telling you email security is insufficient. If they don't, ask them why not.
- You don't have an IT helpdesk, so you're responsible for finding and setting up the right tools and practices for your team.
With basic business activities (like banking, communication, and marketing) achieved using the internet, digital safety is an important investment.
Your digital safety is important. Evaluate your usecase. In the meantime, use these quickstarts to get started with basic defences to common cyber threats.
Get started with these three resources
1. Your IT contractors sometimes use jargon. We suggest using our Glossary to look up common terms they may use. To watch out for yourself, you need understand what's happening.
2. Credential stuffing is a common danger, and is growing in frequency. For example, 2020's CRA breach was down to people reusing passwords. Fortunately, credential stuffing is avoidable. To be safe, use a password manager to create unique passwords for all your logins.
3. When operating in the healthcare sector, avoid document collection via email. Documents sent via email tend to lie around for a long time, in effect waiting to be stolen.
4. (BONUS!) Yes, we did say three resources. But knowing from experience that all small businesses handle a non-trivial amount of their own IT, this is one more guide that you'll find helpful－ to easily, and reliably, archive documents for tax and regulations.