A recent PwC report on geographical trends in what keeps CEOs awake at night is notable for one thing across the board: digital security concerns are rising rapidly up the worry barometer. Developing your cyber security strategy is critical.
“The one exception is technology-related developments (e.g., ‘cyber threats,’ ‘speed of technological change’, ‘availability of key skills’), where we see anxiety about the impending promise and perils of artificial intelligence (AI) taking hold”
Digital development and transformation feature heavily on the majority of management and board agendas. It is the security and risk management of assets, data and people, however, that is keeping business leaders awake at night.
Here are three ways to strengthen your security strategy:
What – Security Testing
There are two types of testing: IT vulnerability testing and process testing. Process testing covers the people in your business, which is often the larger, yet hidden, risk.
It is a misconception that testing your firewalls tells you how secure your business is. Social engineering, manipulating staff by telephone, by text message and in person, can result in data loss, financial loss or loss of intellectual property without a single technical control being breached.
Evidence of regular testing can also help reduce your insurance premiums and the likelihood of ICO fines should you suffer a data loss.
Best introduced when
IT systems penetration testing and people process testing are best done on a regular basis. Some businesses test annually; those that hold more sensitive data, such as healthcare, architectural, legal and financial organisations, test more often, anywhere from every six months to monthly.
IT systems – At Net-Defence, a written agreement is put in place for ‘ethical hacking’, and then within an agreed period of time our specialist security team will attempt to penetrate your business’s IT systems. We then provide you with a clear and concise remediation action plan to improve protection and develop your cyber security strategy. When it comes to insurance and the ICO, you are best engaging an independent tester rather than using your existing IT provider, as an independent report carries more weight than a provider assessing its own work.
Processes – An agreement is put in place for social engineering testing, and then within an agreed period of time our Net-Defence security team will attempt to obtain target information through the people in your business. We then provide you with a clear and concise remediation and recommendations report, which may include staff education and board workshops.
What – Security Education
From staff awareness to Company Directors workshops, educating your team on risk, risk management and business continuity protects you.
Legal accountabilities for company Directors have changed in the digital era, so much so that the Net-Defence team is working with the Institute of Directors to educate at board level. It is still common for company Directors to feel uncomfortable about their lack of a clear, concise understanding of risk and responsibilities when it comes to digital threats. Staff are often led to believe they are only at risk from ‘dodgy emails’ and are blissfully unaware of the variety of sophisticated methods being used to extract data from small businesses throughout the UK. An annual board workshop and staff awareness session alone can make a remarkable difference to the security of a company’s money, assets and data.
Best introduced when
When you hear the phrase ‘we have an IT guy’ or ‘we are GDPR compliant’, these are signs of a misinformed organisation, one that lacks a comprehensive understanding of how security breaches happen in a digital era. No single person in an organisation can keep the whole business protected. It requires a comprehensive understanding of each person’s or team’s role in protecting against, identifying, reporting and responding to a security attack. Just as health and safety has become a standard part of every person’s daily business responsibility, so too should the security of assets and data. Education should ideally be delivered at least annually, and certainly when senior staff join or leave your team.
Education can be delivered through staff awareness sessions, board workshops, team workshops and one-to-one leadership sessions. At Net-Defence we use assessment tools to demonstrate and evidence the level of understanding achieved in each session.
What – Security Consultancy
Security consultancy can range from advice on selecting new software to improve efficiency, business continuity planning and upgrading your IT systems, to advice on maintaining secure and uninterrupted communications during a relocation or expansion, or attaining accreditation such as Cyber Essentials or ISO 27001.
Specialist, accredited and highly skilled consultants have the professional training and qualifications to give you relevant support so that you can make informed decisions as you develop processes and systems to reduce risk in your business. Often this requires a team with a variety of specialist skills between them, including IT, security testing, governance and compliance. There are many so-called ‘security consultants’ or ‘cyber security consultants’ out there who are not consultants at all. Be sure to ask for credentials such as Trusted Partner status, Cyber Essentials certification body status and/or ISO certification body status. These are indicators that you are engaging a consultative company rather than a team of salespeople reselling other companies’ software with little knowledge of the negative impact those products can have on your existing security layers.
Best introduced when
When planning developments, changes, moves or expansions in your business, it is worth enquiring about consultancy. A credible consultancy team will not sell you something you do not need; they will set out the options and the value of each from the outset, with no obligation. A consultancy team will have effective client liaison personnel who can help you understand when you might need the consultants and how to get the best value from them. A quality supplier will happily liaise with your Directors, your Board and your management team, and quality consultants often work alongside existing IT providers, HR Directors, IT Directors, Marketing Directors and Managing Directors. If you have had a previous ‘security’ engagement and did not understand it or the resulting report, you may have been mis-sold, so an independent overview or interpretation can help you assess your actual risk level.
After a breach, whether days, weeks or even months afterwards, consultancy can give peace of mind and help you sleep at night by confirming that no vulnerabilities linger in your business.
Net-Defence services are delivered with discretion, and we often operate under NDAs. If you have a concern, you can talk in confidence with one of our client liaison team, who will identify which of our specialists are best placed to support you. We then provide you with a quote for that support and, should you engage us, we project manage the team through delivery.
How much does cyber security and training cost?
The ‘cyber world’ has become a licence to print money for many. At Net-Defence we work on a comprehensive security strategy that includes processes and people, using a robust, structured pricing system similar to that of other professional services such as lawyers and accountants. We scope the work and provide a comprehensive quote with agreed outcomes and timescales. We also have a low-bono scheme for third sector organisations. As part of the third-generation family business Ogilvie Group, we pride ourselves on integrity and reliability. Our parent group now employs over 500 people throughout the UK, and we do not risk our reputation to make a quick sale. You can trust our team. We are Trusted Partners of the SBRC, approved by Police Scotland.
If you are finding it difficult to sleep at night as concerns over security in a digital era drift across your mind, it is a sign that contacting us could be the smartest call you have made for some time.