Skip to main content
We’re here with practical IT information for your business.

Search

  1. Home
  2. IT security
  3. Your security plan

Computer hardware

How to choose the right computer equipment for your business to increase your productivity and efficiency without it costing the earth.

Business software

Business software helps you complete a range of tasks. Choose the right software, provide support and train your staff with our introduction.

The internet

It is highly likely that you depend on the internet for some aspects of your business. Find out how you can use the internet more effectively.

Communications

Good communication with customers, partners and suppliers is vital for business success. This summary explores business communication methods.

IT security

How would you cope if your IT system failed or was breached? We cover the main IT security issues and how to protect against them.

Buy and manage IT

Good IT management can help you choose, use and implement IT. Our overview helps you manage IT in a way that maximises the return on your investment.

IT support

IT support is vital if you rely on your IT system. But how can you set up an effective safety net in case things go wrong? We explore the options.

Staff and IT training

Getting the right IT is just the first step. Appropriate training, policies and working practices can help you maximise return on your IT investment.

IT security

An IT security plan is a key tool to help your business protect its IT systems. Your security plan should state how you will guard against security vulnerabilities to protect your business from disruption and financial loss.

Effective IT security risk assessment

A security plan allows you to understand what security vulnerabilities are present in your IT systems. You can then take steps to prevent these problems occurring.

Your IT security plan doesn't have to be a long document covering all conceivable security vulnerabilities. But it should help you protect key business data and systems and ensure you adhere to relevant legislation, like the GDPR.

Additionally, the more complex your business IT system is, the more security vulnerabilities you will face. A formal IT security plan is the most effective way to manage these. It makes you less likely to overlook any gaps in your defences.

Writing your IT security plan

There are several stages to writing an effective security plan:

  1. Identify your IT assets. These are the hardware, software, systems and data which make up your IT system. They can include computer programs, servers and external services like web hosting.
  2. Carry out an IT security risk assessment. Establish what could threaten your assets. For instance, computer viruses, cyber criminals, physical damage or mistakes by employees. Consider the damage that could be caused in each case. For instance, if your server was taken offline, could your company continue to operate?
  3. Prioritise your IT protection. Once you've assessed the potential damage from each threat and the likelihood of it occurring, you can decide which threats it's most important to protect against. For example, you might determine that protecting your server is more important than protecting individual computers.
  4. Take appropriate precautions. Decide what steps you should take to protect against the risks you've identified and ensure your business is able to keep operating if something goes wrong. For example, you might restrict access to your server or install a hardware firewall. Your disaster recovery plan should explain what to do in a crisis.

It can be hard to spot all IT security vulnerabilities if you're not an IT expert. Your IT supplier or an external consultant may be best placed to cast a critical eye over your systems and procedures.

Keep your IT security plan pragmatic. It should explain practical steps your business can take to guard against security vulnerabilities. If it can't be put into action, your security plan is largely useless.

Reducing IT security vulnerabilities

Once you've written your IT security plan, you should implement its recommendations in your business:

  • Communicate the plan to your staff. Make specific employees responsible for specific areas. Ensure they have the time and resources to make the recommended changes to your IT systems.
  • Create IT policies and run training. Amend your IT policies so they are in line with your security plan. If necessary, run training so your staff understand how to minimise security vulnerabilities.
  • Set a timeline for the implementation of the measures in your plan. Remember that it may take longer to make big changes to your systems.

Maintaining your IT security plan

The information security risk to your business is constantly changing, so you should regularly review your security plan. Keep up-to-date with emerging security vulnerabilities by signing up to bulletins from security companies. Make sure you regularly update your protection. For example, by regularly updating your anti-virus software so that you are protected against the latest vulnerabilities.

If you make changes to your IT system or invest in new hardware or software, always review your security plan. Aim to identify any new security vulnerabilities.

Also review your policies and procedures 9-12 months after putting your plan into action to ensure you have implemented all the recommendations and that it is still fit for purpose. And put someone in charge of your security plan, so there's no chance of it being neglected.