Can “It just took me completely by surprise” be used as an excuse for a Cyber Security breach anymore?
At Arculus we are trying hard to increase the business community’s overall awareness of Cyber Security and of the simple steps you can take to protect yourself, and to reassure organisations that it doesn’t necessarily need to cost a fortune to shore up your defences.
Some businesses view their Cyber Security holistically, using standards and frameworks as tools to build and implement their strategy and get it right, starting with the basics. For the rest, it seems there are two schools of thought when it comes to Cyber Security:
– Be terrified by the constant onslaught of national news about massive cyber security breaches and fear-based marketing.
– Assume ‘The IT Team’ or ‘Legal’ or ‘someone else’ is looking after the Cyber Security side of things and just put it to the back of your mind.
Neither is a healthy attitude. Being frozen with fear about where to even start when protecting your business, or assuming that it’s all in hand and yet being taken by surprise when a breach occurs, can have serious financial and legal consequences.
In particular, some small to medium organisations that have been especially affected by the pandemic and the ensuing instability have needed to put their finances and focus elsewhere, just to survive. This is completely understandable, but now that things are (hopefully) settling down a little, it’s perhaps time to do some Cyber Security housekeeping and make sure you have swept your metaphorical doorstep (and not just under the rug!).
Smaller organisations may not think they are a big enough target to appear on the radar of cyber-crime organisations or hackers, but supply chain attacks are becoming more common, and as larger organisations with bigger budgets get better at their Cyber Security, hackers are instead turning to the smaller companies that supply them as their point of entry.
So, what can small to medium organisations without big Cyber Security (or even big IT) budgets do to protect both themselves and their clients? The National Cyber Security Centre has some great resources, including this e-learning package to support small organisations: https://www.ncsc.gov.uk/news/new-cyber-security-training-for-charities-and-small-businesses
It’s free unless you decide to pursue Cyber Essentials Certification, which in itself is relatively inexpensive at just a few hundred pounds. Whilst Cyber Essentials isn’t a magic bullet, implementing it will protect your business from over 95% of attacks.
If you do decide that attaining Cyber Essentials Certification is right for your company and your clients, then Arculus can both guide you through it and certify you once you have met the technical controls required.
The controls include:
– The secure implementation and ongoing management of firewalls
– An overall secure configuration of your IT infrastructure
– The implementation and ongoing management of user access control
– The implementation and maintenance of malware protection
– Security update management; patch, patch and patch!
None of the controls are particularly difficult to implement or maintain, and they are mostly just common sense, but setting them in place for the first time can be challenging. Arculus can tailor a package to suit the needs of your business, offering a flexible pricing structure from just £400 + VAT, ranging from basic help through mid-level help to a full overview and consultation on how to arrange your security infrastructure.
If your organisation needs a more robust test of its Cyber Security defences, once you have achieved Cyber Essentials Certification you could pursue Cyber Essentials Plus Certification, which will involve a variety of tests against your infrastructure to test its robustness. Arculus is again able to guide you through the testing process with our expert knowledge and ensure you pass first time, from just £1,600 plus VAT.