Plan and budget to protect your business

Your plan doesn’t have to be complex. It should clearly and simply outline what needs to be protected and the key principles and rules for online security in your business. You can identify and adapt existing standards to deal with specific online security issues or technologies in the business, or write your own.

Ensure you include the following in your business plan:

  • Action plans for your staff to follow if something goes wrong, such as:
    • Equipment is lost or stolen
    • A computer is infected with a virus (such as ransomware)
    • Data is lost or stolen.
  • Employee policies – for safe use of the organisation’s internet-connection, IT network, email, social media, mobile devices and other computing assets. A policy on using strong passwords is also recommended.
  • An outline – for how sensitive information is handled (who has access and how is it stored/protected).
  • A tracking or asset management system – so you know who is using what equipment in the organisation.
  • Systems in place – to ensure operating systems, security software, web browsers and other software are kept up to date.