SSA and ASA Recommendations
Office 365 and Accounts
Create a cloud services list: Gather a list of all the online services you use to run your business, such as accounting software or a stock management system. We will then be able to check the security settings on each platform.
Network
Service Set Identifiers & Security: You may have multiple Wi-Fi networks at your business, for example ‘Guest Wi-Fi’ and ‘Staff Wi-Fi’. It helps us to have the names (SSIDs) of each of these networks: if we can quickly identify which network is under attack, we can mitigate the issue faster.
Documentation
The policies below are recommended for your organisation. Much like an HR policy, these documents protect your business and inform your staff of what is expected of them in a cyber security context. Please feel free to use the templates below; however, we ask that you do not copy and paste them directly. Please ensure they are appropriate for the needs of your specific business.
Password policy
Website
2 Factor Authentication for Editors
Please ensure 2FA is enabled for anyone with editor permissions on your website.
Policies, Terms & Compliance
Under GDPR it is now essential that your website has the appropriate policies; we have linked each policy below. We ask that you do not copy and paste the policies on our website directly, and that you ensure they are appropriate for your own business use.
We have detailed which policies are compulsory under GDPR and which are optional but highly recommended.
Terms of business – highly recommended. This will act as a safeguard for your business.
Privacy policy – compulsory.
Cookie policy – compulsory.
Accessibility statement – compulsory.
Cookies Banner
Compulsory. Please ensure you have a banner that displays as soon as a user accesses your site, explaining the use of cookies and asking the user to confirm whether they wish to proceed.
Consent on contact form
Compulsory. Please ensure that there is a box the customer can tick to confirm that they consent to your company using their details. According to GDPR guidelines, ‘consent must be freely given, specific, informed, and unambiguous, meaning users must actively opt-in through a clear affirmative action’.
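As an added illustration (not part of the original recommendations), the following is a small server-side check for the consent box described above. The point it makes is that the checkbox on its own is not enough: it must start unticked, and the server must refuse any submission where the box was not actively ticked. The field names, the consent value and the policy version are assumptions.

```javascript
// Added example: validating contact-form consent on the server.
// Field names, the consent value and the policy version below are assumed.

const CONSENT_FIELD = "consent";           // name of the checkbox input (assumed)
const CONSENT_VALUE = "agreed-v1";         // exact value the checkbox submits (assumed)
const PRIVACY_POLICY_VERSION = "2024-01";  // policy version the user was shown (assumed)

// The checkbox must start UNTICKED (no "checked" attribute): a pre-ticked box
// is not freely given consent under GDPR.
const CONTACT_FORM_HTML = `
<form method="post" action="/contact">
  <label>Email <input type="email" name="email" required></label>
  <label>Message <textarea name="message" required></textarea></label>
  <label>
    <input type="checkbox" name="${CONSENT_FIELD}" value="${CONSENT_VALUE}">
    I agree to you using my details to respond to this enquiry
    (privacy policy version ${PRIVACY_POLICY_VERSION}).
  </label>
  <button type="submit">Send</button>
</form>`;

// Decode an application/x-www-form-urlencoded body into a plain object.
function parseFormBody(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Check a decoded submission. Returns { ok: true, record } when consent was
// actively given, otherwise { ok: false, reason }.
function validateContactSubmission(fields, now = new Date()) {
  const email = (fields.email || "").trim();
  const message = (fields.message || "").trim();
  if (!email || !message) {
    return { ok: false, reason: "missing email or message" };
  }

  // An unticked checkbox is simply absent from the submitted body. Only the
  // field being present AND carrying the exact expected value counts as a tick;
  // anything else ("on", "true", "1", a missing field) is rejected, not guessed.
  if (fields[CONSENT_FIELD] !== CONSENT_VALUE) {
    return { ok: false, reason: "consent not given" };
  }

  // Record what was agreed to and when, so you can later demonstrate that
  // consent was obtained for this version of the policy.
  const record = {
    email,
    message,
    consent: {
      given: true,
      policyVersion: PRIVACY_POLICY_VERSION,
      timestamp: now.toISOString(),
    },
  };
  return { ok: true, record };
}

// Constructed sample bodies (not real traffic) showing the three outcomes.
const SAMPLE_BODIES = [
  "email=jane%40example.com&message=Hello&consent=agreed-v1", // ticked -> accepted
  "email=jane%40example.com&message=Hello",                   // not ticked -> rejected
  "email=jane%40example.com&message=Hello&consent=on",        // wrong value -> rejected
];

for (const body of SAMPLE_BODIES) {
  const result = validateContactSubmission(parseFormBody(body));
  console.log(body, "=>", result.ok ? "accepted" : "rejected: " + result.reason);
}
```

Storing the consent record (policy version and timestamp) alongside the enquiry is what lets you show, if asked, that consent was actually obtained rather than assumed.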
reCAPTCHA
reCAPTCHA is a free service used to distinguish between humans and automated bots trying to access your site. It is very effective at stopping automated abuse of this kind and is easy to add to your site; most website providers will know how to do this on your behalf.
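One detail worth checking with whoever sets this up for you: the reCAPTCHA widget on the page only produces a token, and the protection comes from the server sending that token to Google's siteverify endpoint and checking the reply before it processes the form. The added example below (not part of the original recommendations) shows that check. The endpoint URL and the response fields (`success`, `hostname`, `error-codes`, and `score`/`action` for the score-based version) are the documented siteverify API; the hostname, action and threshold values are assumptions, and the sample responses are constructed.

```javascript
// Added example: server-side reCAPTCHA token verification.
// The siteverify endpoint and response fields are the documented API;
// the expected hostname/action and the score threshold are assumptions.

const SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify";

// Decide whether a siteverify JSON reply is acceptable for this site.
// expected.hostname: the site the token must have been solved on
// expected.action / expected.minScore: only used for score-based (v3) replies
function assessSiteVerifyResponse(result, expected) {
  if (!result || result.success !== true) {
    const codes = (result && result["error-codes"]) || [];
    return { accept: false, reason: "verification failed: " + codes.join(",") };
  }
  // A token solved on some other domain (e.g. with a reused site key) is
  // refused here rather than trusted.
  if (expected.hostname && result.hostname !== expected.hostname) {
    return { accept: false, reason: "hostname mismatch: " + result.hostname };
  }
  // Score-based replies also carry an action name and a 0.0-1.0 score.
  if (typeof result.score === "number") {
    if (expected.action && result.action !== expected.action) {
      return { accept: false, reason: "action mismatch: " + result.action };
    }
    const minScore = expected.minScore ?? 0.5;
    if (result.score < minScore) {
      return { accept: false, reason: "score too low: " + result.score };
    }
  }
  return { accept: true, reason: "ok" };
}

// Verify a token taken from the submitted form. `fetchImpl` is injectable so
// the function can be exercised without network access; in Node 18+ the
// global fetch works. `secret` is the site's private reCAPTCHA key (never
// the public site key) and must stay on the server.
async function verifyRecaptchaToken(token, secret, expected, fetchImpl = fetch, remoteIp) {
  if (!token) return { accept: false, reason: "no token submitted" };
  const body = new URLSearchParams({ secret, response: token });
  if (remoteIp) body.set("remoteip", remoteIp);
  const res = await fetchImpl(SITEVERIFY_URL, { method: "POST", body });
  return assessSiteVerifyResponse(await res.json(), expected);
}

// Constructed sample replies (not real siteverify output) for the assumed site.
const EXPECTED = { hostname: "www.example.com", action: "contact", minScore: 0.5 };
const SAMPLE_REPLIES = {
  good:       { success: true, hostname: "www.example.com", score: 0.9, action: "contact" },
  otherSite:  { success: true, hostname: "evil.example.net", score: 0.9, action: "contact" },
  lowScore:   { success: true, hostname: "www.example.com", score: 0.1, action: "contact" },
  invalid:    { success: false, "error-codes": ["invalid-input-response"] },
};

for (const [name, reply] of Object.entries(SAMPLE_REPLIES)) {
  const verdict = assessSiteVerifyResponse(reply, EXPECTED);
  console.log(name, "=>", verdict.accept ? "accepted" : "rejected: " + verdict.reason);
}
```

The hostname check matters because the public site key is visible in your page source; checking that the token was solved on your own domain, and comparing the action and score for the score-based version, is what turns the widget into an actual control rather than a decoration.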