Talking with a company recently, they had the unfortunate experience of finding out that someone had been in their email system for four months, before they discovered the activity and the fraud.
Looking at an incident like that and the response required is quite scary to think about. So the very best advice I can give you, is make some kind of a start.
Start easy. Start looking at the business in its entirety, not just the IT. Write down what's important to you. Of course, email is going to be on that list. Files are going to be on there. Your applications are going to be on there.
But where are your files? Have a think. Are they in Dropbox? Shared drives? Servers? Do you have servers? Do you have applications running on them? What's important to you as a business? Write down how long you think you could last without access to them. Are they super important? Are they critical? If you didn't have an accounting system or didn't have a laptop for a few days, would that be critical?
Start with an asset inventory. And start with the data, not the hardware. What data have you got? Emails, documents, applications. Where are they? How important are they to you? And then, you must get your IT and cyber security partner in for a conversation. Ask them where you stand on everything you have identified.
Start easy. Have an inventory of your data and grade it's importance. High and low is all you need and invite your IT company in for that conversation.
If you want to have a no obligation chat about your business security risks, get in touch below.