I have anti-virus software do I need more than this?
It’s great that you have that – good antivirus software is a key foundational element of technical security that all organisations should have. There are many other requirements of an effective security strategy however, both technical and non-technical. These include things like keeping your devices up to date with Operating System and Application updates, firewalls, backups and other technical measures, as well as security policies, defined processes, incident and data breach response plans, and training.
Every business is different, and what your business needs will depend on a number of factors such as what data you handle, how your staff work, what devices you use, what industry you are in and regulations you need to comply with, what your customers expect and required, as well as your own business appetite for risk. We frequently help clients understand these factors through a Cyber Security Risk Assessment. You can also check the NCSC (National Cyber Security Centre) website as a good place to start on the basics.
As far as your antivirus goes, there’s a couple of things you must do to make sure it’s effective. Firstly, make sure you understand ALL of the devices on which your team are accessing your data and systems, and make sure antivirus is installed on ALL of them. Secondly, make sure it is kept up to date, and you can identify and deal with any devices that aren’t. Also, make sure you have a central monitoring/reporting mechanism to provide visibility of what might be picked up by the antivirus software. If someone manages it for you, make sure they are monitoring it pro-actively and providing you with regular reports.