You’ve probably spent years building up your business, winning customers, finding new ways to work more effectively and efficiently, and providing high levels of service.

You have probably invested heavily in IT, which we all depend on these days, and are working to ensure you are GDPR compliant.

Now imagine this.  One day, from out of the blue, a virus or malware strikes, or you find there’s been a security leak and your systems are shut down!

Naturally, prevention is better than cure, and in this context there are two things you can do now to help minimize the risks:

Your IT providers:  challenge them to reassure you that you have the right processes and protection in place.  Remember…phones and tablets are computers too!

Your staff: are you sure they are aware of risks and how to avoid them? What are you going to do to make sure they are armed with the right knowledge?

We don’t need to tell you about the importance of good online security: regular software updates, regular data back-up, good firewalls and anti-virus protection.

You may even be confident that you have all this in place – but when did you last actually ask your IT provider for a cyber-security health check?

And don’t forget smartphones, iPads linking to your email servers, and remote workers on your virtual private network (VPN). They need updates and protection too!

Ask IT to explain what steps they have taken to protect your network and why they are the right ones.

At the end of the day, the weakest link in the chain might be staff. Are they all trained and aware of the risks and scams that they are likely to come across? Do you have an email policy? Or a policy for classifying and sharing information? Crooks needn’t even be very cyber-savvy. For example, how many calls have you received from business directories trying to get sensitive information?

Who to trust

There are plenty of businesses offering cyber security advice, but you can make a good start using the Government’s free online Cyber Aware website.

For small businesses, this quick quiz will probably give you food for thought.

We are mindful that, while electronic information is a key vulnerability if not managed properly, there are other security risks to a business too.

A PricewaterhouseCoopers* report said that company employees are responsible for 30% of security incidents within businesses, so allocating time for broad-based training could pay huge dividends.

The Government portal also offers advice on how to achieve Cyber Essentials accreditation, which could help assure your customers that you take protecting their data seriously at a time when breaches are much in the news.

If you want to see the bigger picture on security, do look at the latest PwC report on the Global State of Information Security. Interestingly, they suggest that the quest for better IT security is revealing new opportunities to do business better.

Cyber-risk and insurance

If you haven’t already done so, you may want to consider insuring against the consequences of a cyber-attack.  You can find out more about Deacon’s cyber cover or call us on 08000 92 93 94.


The sole purpose of this article is to provide guidance on the issues covered. This article is not intended to give legal advice, and, accordingly, it should not be relied upon. It should not be regarded as a comprehensive statement of the law and/or market practice in this area.  We make no claims as to the completeness or accuracy of the information contained herein or the links which were active at the time of publication. You should not act upon (or should refrain from acting upon) information in this publication without first seeking specific legal and/or specialist advice. Arthur J. Gallagher Insurance Brokers Limited trading as Deacon accepts no liability for any inaccuracy, omission or mistake in this publication, nor will we be responsible for any loss which may be suffered as a result of any person relying on the information contained herein.