What you must know as a company is that you are in the middle of a battle zone in a relentless digital war being waged on you by an army of hackers.The casualties in this war are mostly on one side and the rate of fatalities is high.
Consider a recent industry report carried out independently : 30% of small to medium size businesses will fail after experiencing a cyber attack.
.: Only 5% of hackers are ever apprehended.
All recent surveys indicate cyber attacks are increasing in frequency, and the targets have widened to include small and medium sized companies and there is no reason to doubt this information or expect the situation to improve.
Do you still think you can ignore the cyber security of your company ?
What can we offer
We believe in transparency so we are going to tell you first what we do not do. We do not hard sell security software or write bespoke security code ,we can not conduct site visits to penetrate test, implement ,manage or respond to a data breach, we do not provide legal advice or take any steps to recover your money neither can we provide cyber investigation services or conduct private prosecutions .We do not contact cyber insurance providers or the ICO on your behalf.
We can give you free advice on all of the above matters, and provide you with contact details of companies that provide the above services, including emergency situations, we can provide you with a contact near to your company when time is of the essence, we have enough experience to guide you in your decision making process to provide a solution that is right for your company.
A Cyber Security Plan is what we do provide.
It is a written and comprehensive document of 91 pages, full of recommendations and guidelines,a blueprint for your company to ensure personal information you collect and process is held secure.
It is universal in application, so it applies to any type of business and any category of data however it is collected and processed,from sole traders to e commerce companies ,literally any company.
It contains a full risk assessment of all risks a company will have,how risk is created and how you can reduce and eliminate this risk, by following our security recommendations. It contains security protocols for all personnel.
It will give your company a response strategy should you suffer a data breach or experience suspicious activity.It provides guidance on how to manage the risks.It provides guidance on how to train your personnel and describes in detail what the content of your training modules should be
Our Cyber Security Plan will provide the most effective cyber security your company can have.When you download it and read it for yourself you will see it lives up to our promise to you.
The Cyber Security Plan does contain technical recommendations which are considered necessary for your company but they are not difficult to implement , if you have any IT skills you will manage to implement the technical recommendations.
The GDPR and Data Protection Law.
GDPR: Personal information must be processed securely using "appropriate" technical and organizational measures.
Data Protection Law :Requires a company to have "proportionate." data protection measures.
There is no legal definition of what "appropriate" or "proportionate" means and there is no set prescription of the security measures and technical implementation a company must make.
This can create doubt within companies on what they must do.
A comprehensive Cyber Security Plan will ensure your company complies with both of these legal obligations, and it will also show your company manages the risks when processing personal information ,the management of risk is an ongoing legal obligation.
A Cyber Security Plan is designed to prevent,detect and respond to cyber attacks on your companies data bases, so that your company will avoid fines from the ICO, loss of trust from customers and business partners, damage to your companies reputation, legal liability,financial loss and filing cyber insurance claims..
Qu: I am just a one man band all this is overkill !
Even if you are the sole owner or a director,a Cyber Security Plan is a meaningful document. It is a case of one size fits all, it can be scaled up or scaled down,it can be used for remote workers,company salesmen,building site managers, any business that collects and processes personal information should have a Cyber Security Plan in place to show they are complying with data protection law.
Qu: We are only a small company we operate from mobiles and one laptop for invoicing do we need all this?
Yes, if you collect and process personal information of customers you will need to register your company or sole proprietorship with the Information Commissioners Office (ICO),failure to do so can lead to a fine.
Even if you have not registered with the ICO,you will still be required to comply with the legal obligations to take "appropriate" and "proportionate" measures to manage the risk of processing personal information,a Cyber Security Plan will show you are how to do this.
A question of money
Every size of company has been hacked,some of these companies have much more resources than most companies do.So as far as victims are concerned ,it is a level playing field.
This is the reality of the cyber war ,you can not just buy your cyber security,there is much more to it than that.
Even if your company has a limited budget you can still protect your companies personal information data with a Cyber Security Plan ,if you are willing to implement the plan you will have an effective defence against cyEber attack and you will be able to show your company manages the risks and complies with data law.
If your company budget allows you to spend money on improving your technical defences there are excellent cyber security companies that will inspect,penetrate test and improve your systems,configurations and network vulnerability.We would recommend this, because it will improve the security posture of a company.
Fact : 90% of cyber attacks on companies are carried out through Phishing e mails.
This is an amazing statistic and should give you comfort as an owner of a company.
What it means is that if your personnel are given proper training and appropriate security guidelines you can eliminate 90% of the risk to your company,without emptying the company bank account.Our comprehensive Cyber Security Plan will give a company appropriate security protocols for personnel together with quality training recommendations.
A Cyber Security Plan is actually easier to manage in a small to medium size business.
Training sessions should start with the line "This company values your commitment to our security" it will get good results,and the personnel will be on your side as part of your team.
A Cyber Security Plan should not be an after thought,you can get a plan for your company before you set your business up,in fact that is what we would advise you to do.It will give you some idea of what is involved in running a company and complying with data protection law.
Qu: We are an e commerce online company we do not deal with customers directly why do we need cyber security ?
The Cyber Security Plan describes in detail what a company can do to improve the security of their website.
We are more than happy to work with third parties and undertake research on your behalf to provide you with a Cyber Security Plan that is right for your company..
Qu: Do I Need This Cyber Security Plan
There is no legal requirement for a company to have a document called a Cyber Security Plan but there is a legal obligation for a company to have a policy on cyber security.
A company policy will deal with many matters not related to cyber security and will be managed by Human Resources whereas a Cyber Security Plan will deal with all matters relating to cyber security within a company, and will be managed by dedicated management personnel..
It is best practice to have a Cyber Security Plan that can be administered separately from company policy even though many security protocols will become company policy.
If your company is busy doing business and you do not have the time to set up and manage a Cyber Security Plan then it is advisable to employ a dedicated manager for this purpose.
The Future
Cyber security is evolving all the time, techniques of attack and counter measures to them are being developed by the leading software companies in the form of the latest version of anti malware and security patches.
This is why regularly security audits of the Cyber Security Plan are required,and this necessitates research.With the advent of AI the development of cyber security will accelerate which gives a company even more reason to undertake regular security audits within the Cyber Security Plan.
There is new legislation proposed to deal with the problem of cyber crime,and there is an international effort underway involving several large law enforcement agencies cooperating together,which should produce results.
A Cyber Security Plan will give a company capabilities that will allow safe operation in a cyber world, but it needs to be enforced and managed to be effective.It is a living document, and will evolve and expand over time to reflect the dynamic nature of the cyber environment,if you leave it on the shelf your company will get left behind. ,
©Copyright. All rights reserved.
We need your consent to load the translations
We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.