There seems to be a cyber security or data privacy story in the news every week. We live in a digitally enabled society, yet data protection is poorly managed and systems are hacked on a daily basis.

There are three aspects to business growth - people, processes and technology. Equally, these also apply to cyber security. Steve Borwell-Fox from borwell, provides some insight into how to implement cyber security effectively in a growing business.

People using IT and software systems need skills. Therefore, prior training and experience is important as is ongoing skill development. Make people the strongest link in your cyber defences - put staff on security awareness training. New staff should go on this type of course around 3 months in and it especially staff who are using CRM systems, finance systems and working with sensitive company or customer data.

Processes need to be documented, be usable, and kept up-to-date. Document any process that has a risk of a mistake being made, or could be less efficient if staff just made up their own process. A written procedure should explain how to execute the process, and ideally contains photos or screen shots walking through the process steps in detail. Growing businesses should aspire to achieve ISO 9001 certification. This provides a great platform on which to add your Information Assurance (IA) policies and procedures.

Technology should be up-to-date and a budget allocated each year to replace servers every 5 years, desktops every 3 years and laptops every 2-3 years.

Staggering these purchases will prevent the business owner from stalling investing in a particularly tough year, which in turn could lead to old computers with out of data Operating Systems being used. These will be vulnerable and could jeopardise the security of the business. Bad investment designs will compound the problem. My team sees this every week - the MD might have a new car, but staff are using out of date IT, with old monitors, and poor productivity as a result.

In summary, speak with your IT provider and plan to invest in IT. Put staff on training courses. Aim for ISO 9001, and in the short-term get help with Cyber Essentials Scheme certification. Grow your business confidently, productively and securely.

• For help and support with your Cyber Security, IT and training needs call the borwell team on 01684 377980 or email securesoftware@borwell.com 

• Steve Borwell-Fox will be facilitating a GAINS Masterclass at the University of Gloucestershire on 25th May. GAINS is part-funded by the European Regional Development Fund, and Gloucestershire based SMEs can register for a fully-funded place here.