October marks Cyber Security awareness month — a reminder for every organisation to review how well they’re protecting their data, both digital and physical.
We spoke with Breakwater IT, trusted specialists in managed IT and cyber security, to discuss how businesses can strengthen their defences, build awareness among staff, and stay resilient against ever-evolving threats.
At Archive-Vault, we know that safeguarding information doesn’t stop at your network. Protecting physical documents, scanned records and archived files is just as important. Together, companies like Breakwater IT and Archive-Vault provide end-to-end data protection — from secure systems to secure storage.
Here are our top questions and insights for Cyber Security awareness month:
1. What are the biggest cyber security threats facing UK businesses right now?
It’s the topic we cannot escape right now; artificial intelligence (AI).
While it remains important to stay vigilant against threats like phishing, ransomware, and insider attacks, a major concern is how AI is enabling cyber criminals to operate more quickly and intelligently. We are already seeing cyber criminals use AI to:
- Accelerate phishing and social engineering attacks with the ability to scrape information quickly and generate fairly convincing emails or voice clones.
- Create adaptive malware that evolves to avoid being detected.
- Scan for vulnerabilities and exploit them using AI-powered botnets.
- Bypass security systems by mimicking typical user behaviour.
However, it’s not all negative. Just as cyber criminals use AI to enhance their attacks, technology companies are using it to defend against them.
AI cyber security can detect threats in real time, monitor behaviour continuously to find anomalies, and automate incident response. It’s important to invest in cyber security tools that evolve with the threat landscape.
2. What are the simplest steps employees can take to improve their cyber hygiene?
There are four essentials that we recommended for employees:
Strong passwords
It’s almost unbelievable that people still use ‘password’ as their password. You shouldn’t use any common words or phrases, names, favourite sports teams, or keyboard patterns.
Instead, consider using three random words, such as ‘moonraccoonlight’. And include a mix of characters, such as symbols and numbers. We also recommend using a password generator to create the most secure passwords, but for this, you are going to need a…
Password Manager
We’d suggest implementing a password manager across the whole business for better security management. With a password manager, the only password you need to remember is the one for your password manager.
They generate, store, and autofill your overly complicated passwords, as well as other sensitive information such as card details, addresses, IDs and more. Password managers also allow you to safely share passwords with colleagues, granting access to accounts without them seeing the password.
To keep your accounts and password manager secure, you also need…
Multi-Factor Authentication (MFA)
The password is step one to accessing your account, MFA is step two. If your password is compromised, then MFA stops criminals accessing your account.
There are several types of MFA. We recommend an authenticator app, such as Microsoft Authenticator. The app generates unique codes that change every 30 seconds.
If you do not want an app on your phone, we recommend a Yubikey. Yubikeys are considered a phishless MFA method, requiring the device to be plugged in, a unique code entered, and touch confirmation.
Zero Trust
Unfortunately, nowadays, you really cannot trust anything. Zero trust is all about verifying before actioning. Were you expecting your colleague to send you an email containing a shared file? What about a call from your IT provider requesting remote device access?
Before you click that link, or allow the access, take a moment to question it. If needed, hang up the phone. Contact the sender or caller direct to verify the request.
3. How can business create a stronger ‘security first’ culture?
Regular training is key. It doesn’t have to be three hours in a classroom with a wordy PowerPoint presentation.
Internally, we send regular, bitesize videos that use humour and scenario-led stories. The videos end with a one question quiz on how to respond to certain security threats. We would also recommend phishing simulations.
Remember that simulations and training quizzes are not about catching people out. It helps you identify those who might need further training to offer a more personalised approach to your security awareness.
Your security culture should allow people to be open and honest. If someone receives a phishing email in their inbox, they shouldn’t feel concerned or worried. If our team receives an email they believe is phishing, they share this with the rest of the team to see if anyone else received the same email, and to prevent anyone from clicking if they have.
4. What are the key benefits of partnering with an external IT company?
At Breakwater IT, we understand that IT support is more than just a helpdesk to call when something isn’t working. Our support package is about being reactive and proactive, looking to prevent both IT and security issues before they disrupt you with 24/7 monitoring.
As a security focused IT provider, we included added benefits in our support package, such as internal and external vulnerability scans, phishing simulations, app protection policies, cyber essentials assessments and more. We use most of the solutions we offer to protect and operate ourselves, so you know we won’t provide you with a service we don’t trust or understand.
5. Why is it important not to overlook physical document when it comes to data protection?
Paper records often contain highly sensitive or confidential information such as personal data, financial details, or original documents like Wills and Deeds. If these documents are misplaced, damaged, or accessed by unauthorised personnel, it can potentially lead to data breaches, compliance failures for auditing purposes, and damage to reputation.
By using a trusted secure document storage and scanning company like Archive-Vault, organisations can significantly reduce these risks. We provide secure off-site storage facilities with controlled access, robust security measures, and full traceability of every item.
Our professional document scanning services also enable businesses to digitise records safely, ensuring compliance with data protection regulations while maintaining fast, secure access to information.
6. If a business or organisation could do two things this month to strengthen its data security, what should they be?
Breakwater IT recommend: Test your backups.
Your backups are the difference between disaster or business as usual if the worst happens. And remember, backups aren’t just about cyber-attacks. They are also there in the event of accidental deletion, hardware failures or natural disasters.
Archive-Vault recommend: Determine the confidentiality status of your records.
Classifying your records by sensitivity is a vital part of your data privacy and security processes. The four standard data classification levels are: Public, Internal, Confidential and Restricted data. Ensuring the right documents are placed in the right category is essential to prevent unauthorised personnel accessing documents they shouldn’t.
Cyber security awareness isn’t just about technology, it’s about mindset and keeping security at the forefront. By combining expert IT protection from Breakwater IT with records management from Archive-Vault, organisations can protect their information from every angle. Online and offline.
Together, these proactive steps help businesses build trust, ensure compliance, and safeguard their most valuable asset: data.
If you’d like to talk to us about the security of your documents, please get in touch. You can call us on 01603 720722 or email info@archive-vault.co.uk
