DIY Guide To Cyber Security

The DIY Guide to Cyber Security — Important points from The Cyber Security Breaches Survey 2023

Last year we moved house. But we didn’t just move house, we also moved country – as we never do things by half.

We like the quaint country cottage type house in the middle of nowhere – so that’s where we ended up!

Buying an old house is both exciting and nerve-racking. You get structural surveys, you measure up – you have in your mind’s eye what you would change and you set a budget and timeframe to get the work done. But you never see all the ‘features’ until you start working on it!

Every time a brick falls out of a wall – we assess the rustic ‘features’ we invested in.

We estimated 3 months to get it sorted and a certain budget – but we were also adamant that we would get the right tradespeople in to do the work.

Six months in and we are half done and the budget is blown. If you watch Grand Designs or Homes Under the Hammer – you know what I am talking about! After spending the first 4 months of living in our new house with a bunch of tradespeople – kitchen fitters, plasterers, plumbers, electricians and builders – we made a joint decision that we would stop the renovations to enjoy the summer and start again when funds allow.

We still need a new bathroom. But I got a wide-screen TV – so the priorities were right!

Everybody and everything is far more expensive than it was 2 years ago. I wish I had a pound for every tradesperson that has told us that recently. But if you want it done you have to pay (and invariably wait) to get it done.

Outsourcing the work is necessary in some cases, but with a bit of planning you can do a lot of the work yourself.

We have done a lot ourselves and although my DIY skills were okay(ish), even my wife has noticed that I have got better over the past few months. Mostly through necessity.

So, what are my top tips for a good DIY job:

  • Invest in proper tools.  You don’t need many but you do need quality.
  • Research and study how to use your tools correctly and efficiently – maybe get some training.
  • Take your time.
  • Talk to other people you trust, about how they do things.
  • Plan and prepare well before starting a job.
  • Consider the risks and plan for the unexpected.
  • Consider the budget.

So – what has the above got to do with Cyber Security in the workplace?

Re-read the list of how to do a good DIY job above but don’t think about hammers and nails – think about protecting data and stuff.

There is a very interesting article on the Gov.uk website that gives the official statistics about the Cyber Security Breaches Survey 2023.

If you like stats, you will find it interesting. If you don’t like stats (and apparently 48% of us don’t) then you won’t find the Cyber Security Breaches Survey very interesting!

There are a couple of noticeable stats in this report that I will drag out for you.

“32% of businesses and 24% of charities overall recall any breaches or attacks from the last 12 months.”

“The proportion of micro businesses saying Cyber Security is a high priority has decreased from 80% in 2022 to 68% this year. Qualitative evidence suggests that Cyber Security has dropped down the priority lists for these smaller organisations, relative to wider economic concerns like inflation and uncertainty.”

“The most common cyber threats are relatively unsophisticated, so Government guidance advises businesses and charities to protect themselves using a set of 'cyber hygiene' measures.”

“Qualitative data shows a similar set of issues to previous years that prevent boards from engaging more in Cyber Security, including a lack of knowledge, training and time.”

“49% of businesses and 44% of charities report seeking information or guidance on Cyber Security from outside their organisation in the past year, most commonly from external Cyber Security consultants, IT consultants or IT service providers.”

“We estimate that, across all UK businesses, there were approximately 2.39 million instances of cyber crime and approximately 49,000 instances of fraud as a result of cyber crime in the last 12 months. Across charities, there were approximately 785,000 cyber crimes over this period.”

Outside of the stats and analysis of this report there are some very interesting quotes from a wide cross section of business managers and leaders.

“In moments of uncertainty, with costs increasing, it’s tempting to cut corners when you see how much cloud systems, antivirus, firewalls are costing. The risk is that pressure on margins leads you to cut corners, to reduce the amount you spend on Cyber Security.”

Cyber Security is seen as “a scary, messy business with lots of technical challenges, best left to the experts. But there’s a growing recognition that it’s staff behaviours that drive most of the Cyber Security risk, so we need to share more with the SMT [Senior Management Team], so they know where the threats are coming from and what behaviours might be seen as risky.”

“Although we have senior managers who are good at the role, they don’t have awareness in Cyber Security. I try to ensure they have a basic understanding, training, and knowledge in it. But they are focused on the day-to-day.”

The general trend is that Cyber Security risk remains high but has become less of a priority to a large proportion of businesses due to several factors, the biggest being cost implications and lack of skills.

However, as with all good projects, a small investment in the right tools and skills for what you need, and then using the assets you already have in place, will go a long way to getting a job done well, in a cost-effective way.

One of the underlying problems in the Cyber Security risk matrix is the lack of user awareness and training, and this probably comes with the least amount of cost to implement.

No fancy, scary technology, firewalls, applications, cloud service providers or insurance policies required.  Just a bit of time, some research and using a whole load of free resources – organisations (small and large) can implement awareness campaigns which are guaranteed to have an impact on their cyber hygiene at minimal cost.  And you don’t need to outsource it.

The NCSC has a whole host of free resources that you can tap into, such as:

And this is a great place to start!

Make it relevant and make it fun, without detracting from the point. But, most importantly, if you are the person delivering the awareness training, be totally committed and invested in it. Your passion, enthusiasm and knowledge will have a lasting impact above and beyond your PowerPoint slides!

The most important thing for us all at the moment is to keep our guards up and remain vigilant.

The budget is not allowing for a new bathroom at the moment, but I still take a shower every day and brush my teeth. There is no excuse not to, as hygiene is important to me and those around me!

DIY long and prosper!
