Manage your business safely and avoid cyber threats

Activating CySure's unique Virtual Online Security Officer (VOSO) gets your business on the road to becoming both cyber-secure and GDPR compliant from just £1 or $1 per user per month!

News Release - 11 December 2018, London, UK

CySure partners with digital consultants Rubitek for cyber security

Cyber security specialist CySure Ltd has partnered with Rubitek as a digital consulting re-seller. Rubitek has added CySure’s Virtual Online Security Officer (VOSO) to its digital consulting offering to support businesses worldwide with their cyber security.

Sammy Williams, Digital Architect at and Director of Rubitek, said: “We are delighted to introduce CySure’s VOSO to our product suite. Cyber-attacks are becoming increasingly prominent in the world of business, so to be able to help small and medium-sized enterprises (SMEs) prevent attacks is a really exciting opportunity for us. VOSO fits in nicely with our established digital consulting products, and we’re all looking forward to supporting businesses all over the world, one click at a time.”

SMEs in the UK are just as much at risk from data breaches as large organisations. According to the Cyber Security Breaches Survey 2018, 42% of small businesses identified at least one breach or attack in the last 12 months. Suffice to say, this is a significant problem, and one that’s only set to increase as online criminals continue to discover new ways to access valuable and personal information stored by businesses.

Sammy continued: “We chose to partner with CySure because VOSO incorporates the high security standards, around-the-clock monitoring and action-led reports we offer our customers. CySure shares our values and vision of helping SMEs stay cyber-safe and, like us, no challenge is too complex, and no goal is too grand for them. Together, our aim is to shield as many SMEs from internet-based attacks as we can.”

VOSO incorporates both US NIST and UK Cyber Essentials security standards to guide enterprises through the certification process, ensuring the right steps are taken to keep data secure and organisations compliant.

When it comes to the world of GDPR, CySure maps the security component of the regulations into VOSO and breaks them down into digestible, easy-to-follow actions. This enables businesses to clearly navigate their way through a staged compliance approach and work towards Cyber Essentials (CE). Many companies see CE certification as a commercial differentiator and evidence of their commitment to cyber security.

Joe Collinwood, Chief Executive Officer of CySure, concluded: “Cyber security has become a fundamental component of business operations but, unfortunately, some SMEs are lagging behind.

“It’s vital that SMEs safeguard their business by investing in security policies, procedures and products. CySure is partnering with Rubitek because its market-leading consulting, design and solution architecture services complement VOSO, and we share the same objective to support SMEs in implementing strong, cyber security hygiene practices so they can thrive in today’s digital economy.”

For more information about Rubitek, visit https://rubitek-consulting.com

Blog - December 2018, London, UK

Cyber Security, GDPR and SMEs – are the wrong questions being asked?

Cyber security and GDPR start with people and processes, not costly consultancy or complicated technology, says Joe Collinwood, CySure CEO

Even before GDPR came into effect in May 2018, there was concern over the inconvenience and financial burden that becoming compliant places on organisations, especially small and medium-sized enterprises (SMEs) lacking full-time IT expertise. It’s all very well for commentators and reports to recommend organisations allocate between 9% and 13% of their IT budget to cyber security, but if there is no budget in the first place that advice is meaningless.

What questions to ask?
In truth, are we asking the wrong questions when it comes to GDPR and cyber security in terms of SMEs? Asking a smaller business the size of its IT budget is not particularly relevant when the majority of companies work on a “break and fix” basis. The real question should be: are there proper organisational policies and technical measures in place to secure their customers’ and employees’ personal data? And what measures are in place to stop staff doing what they shouldn’t be doing and therefore putting the organisation in danger of attack and non-compliance?

The Data Protection Act states that appropriate technical and organisational measures should be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. This is known as Principle 7. SMEs are therefore expected to have adopted Principle 7 and GDPR sits on top of it; however, it can only be achieved through people and processes to ensure correct implementation.

Security Controls
There is no single product that will provide a complete guarantee of security for any business. The recommended approach is to use a set of security controls that complement each other but will require ongoing support in order to maintain an appropriate level of security.


There is a lot of misinformation out there about GDPR but what haven’t been fairly represented are the business benefits. The real driver for adopting new compliance principles should be to make businesses more efficient, secure and competitive.

Minimising complexity
The key points of GDPR are that businesses must have consent and an opt-in from customers that cannot be confusing. For example, an organisation’s policies must state precisely what data is being collected, what it will be used for and how long the company will store that data. In essence, GDPR is about putting the power of data back in the hands of consumers, giving customers a better understanding of where their data is and what it’s being used for.

Organisations concerned about meeting compliance regulations could benefit from undertaking a Cyber Essentials (CE) or CE Plus certification route from The IASME Consortium Ltd guided by a virtual online security officer (VOSO) as part of an information security management system. This helps to manage the business safely, avoid cyber threats and become GDPR compliant.

The benefit of this approach is that SMEs can take advantage of the expertise of online cyber security consultants at a fraction of the cost of a full-time in-house security specialist or a team of consultants. The process can be broken down into a set of discrete actions providing an easy-to-follow, staged approach to compliance. By taking away much of the time-consuming administrative burden, a VOSO frees up management to focus on policies, procedures and employee training to create a cyber-aware and compliant culture.

Maximising opportunity
To become GDPR compliant organisations must have a comprehensive understanding of their data, which gives the opportunity to better understand their customers. In order to comply with regulations, increasing data visibility across organisational silos, de-duping lists, and cleansing and mapping data are essential practices.

Organisations can improve data management by detecting and getting rid of redundant, obsolete and trivial files; after all, why take responsibility for something that has no business value? With data cleaned up, employees can be more productive and efficient through working with accurate, easily searchable and accessible data. By improving data management, organisations can reduce risks while unlocking the true value within their data and improve performance.

Embracing change
Cyber security and GDPR compliance do not rest just with IT, whether in-house or outsourced - they are everyone’s responsibility. Small businesses can help their employees comply with the new regulation and protect against data breaches by developing a comprehensive communication and training strategy. Achieving safety and compliance doesn’t have to be a costly or complex undertaking. By utilising an online information security management system that incorporates Cyber Essentials, SMEs can navigate their way to security and look forward to the benefits of legislation through competitive differentiation and a new business culture that values customer privacy. It’s all a case of asking the right questions in the first place.

News Release - 7 November 2018, London UK

CySure appoints cyber specialists EnterpriseRed as a new security and compliance reseller partner in the UK

Collaborative partnership to help organisations improve compliance and cyber security awareness amongst workforce

Cyber security specialist CySure Ltd has appointed EnterpriseRed as a specialist reseller partner in the UK, further extending CySure’s international network of partners across the Republic of Ireland, South Africa, the USA and the UK. The Berkshire-based cybersecurity experts will resell CySure’s information security management system, Virtual Online Security Officer (VOSO).

After conducting a review of their solution portfolio, EnterpriseRed identified a gap for an information security management system to assist with compliance. CySure’s VOSO solution was chosen as it enables customers to manage and demonstrate their compliance with the General Data Protection Regulation (GDPR) simply and effectively. VOSO incorporates both US NIST and UK CE cyber security standards to guide enterprises through the compliance process ensuring the right steps are taken to keep data secure and organisations compliant.

Ian Kennedy-Compston, CEO of EnterpriseRed said, “There is a lot of misinformation about GDPR and the cost and complexity of becoming compliant. CySure’s solution cuts through the fog, with clear guidance and support for organisations throughout the process. We see VOSO as adding significant value to the GDPR process spreadsheet completion and envisage this product will significantly assist our customers going forward.”

CySure has been accepted onto the UK Government’s G-Cloud 10 digital marketplace. As part of that process the security component of the GDPR was mapped into VOSO, providing an easy to follow, staged approach to GDPR along with all the policies and training videos necessary to complete the compliance process.

Joe Collinwood, Chief Executive Officer of CySure, added, “The partnership with EnterpriseRed was born from a joint philosophy that achieving safety and compliance doesn’t have to be a costly or complex undertaking. However, many small to medium enterprises (SMEs) still don’t have the bandwidth to address this matter effectively despite the risk of data breaches. By utilising VOSO, organisations can enjoy the benefit of a powerful information security management system which interprets government and industry standards to ensure the right steps are taken to keep data safe and the organisation compliant. By partnering with EnterpriseRed, CySure continues to extend its footprint in the UK market and we look forward to a mutually beneficial relationship.”

For more information on CySure and its full suite of services, visit www.cysure.net. For more information about EnterpriseRed, visit https://enterprisered.com/

Blog - October 2018, London UK

GDPR - the most common misconception and 4 things every business should know

Addressing the misunderstanding surrounding cookies and consent in terms of GDPR

The EU General Data Protection Regulation (GDPR) came into force on 25 May 2018 with great fanfare, and rightly so. It is the most significant change to data protection legislation in Europe for over two decades and puts individuals back in the driving seat of how their data is used. However, there continues to be a lot of confusion within the business community on the steps that need to be taken to ensure compliance. Consequently, many businesses are suffering from ‘GDPR fatigue’ caused by over exposure to security and legal rules.

GDPR applies to even small business
GDPR is designed to govern how every organisation treats the personal data it collects. The size and location of the business are irrelevant: if an organisation holds personal information on individuals in the EU, as consumers or employees, then the regulation applies. In practice, this means that the principles guiding how data should be collected, processed, shared and stored apply to virtually every business within the EU, as well as those beyond Europe with customers in the European Union. There’s no exemption for small businesses or sole traders.

For small and medium sized enterprises (SMEs) compliance can often be unclear as many companies have relied on their IT person, an outsourcer or external legal services to advise and implement data privacy measures. This has left some business owners unsure of what actions are needed to meet the requirements of the legislation.

Cookies and consent - 4 things every business should know
There is a common misconception that GDPR is purely about consent and, whilst this is a critical obligation, it is by no means the only area of focus. Small businesses that have an online presence must obtain clear and unambiguous consent before collecting and processing personal data. Some businesses may believe they are GDPR compliant by having a cookie consent and privacy policy on their website; however, GDPR requires organisations to meet a more comprehensive set of privacy obligations, such as:

• Data minimisation – businesses should only collect personal information which is directly relevant and necessary to accomplish a specified purpose. If you don’t need it, don’t collect it! Companies should also periodically review the data they hold ensuring the deletion of anything not needed

• Integrity and confidentiality – businesses must ensure they have appropriate security measures in place to protect the personal data held. This extends to ensuring that any personnel that have access to personal data have a legitimate need to do so and receive regular cyber security training

• Data protection by design – organisations are obligated to consider data protection and privacy issues upfront in everything they do. In essence, this means integrating or 'baking in' data protection into processing activities and business practices, from the design stage right through the lifecycle

• Breach notification – there is a duty on all organisations to report certain types of personal data breaches to the relevant supervisory authority. Organisations should prioritise developing a robust detection, investigation and internal reporting procedure before a breach happens. Certain types of personal data breaches must be reported within 72 hours of becoming aware of the breach, so it is essential that processes are in place.

The importance of certification
Certification is a way of demonstrating that an organisation’s method of processing personal data complies with GDPR requirements. Organisations concerned about meeting compliance regulations could benefit from undertaking a certification route, such as Cyber Essentials or the IASME Governance standard, guided by a virtual online security officer (VOSO) as part of a wider information security management system.

Obtaining certification for data processing can help SMEs to:

• Have a competitive advantage
• Be more transparent and accountable
• Create effective safeguards to mitigate the risk around data processing and the rights and freedoms of individuals
• Improve standards by establishing best practice
• Mitigate against enforcement action.

The benefit of certification via an information security management system (ISMS) is that SMEs can take advantage of the expertise of online cyber security consultants at a fraction of the cost of a full-time in-house security specialist or a team of consultants. The process can be broken down into a set of discrete actions providing an easy-to-follow, staged approach to compliance. By taking away much of the time-consuming administrative burden, a VOSO frees up management to focus on policies, procedures and employee training to create an aware and compliant culture.

The processes necessary for GDPR compliance can deliver many commercial advantages; after all, data is the lifeblood of any organisation. By taking a proactive stance towards GDPR, SMEs can take control of their data and engage with customers and prospects on a deeper and more personalised level. SMEs that treat GDPR as a box-ticking exercise are missing the wider opportunity to demonstrate trust and confidence with their target audience – their customers.

Joe Collinwood is CEO of Cysure.net

Blog - October, London, UK

How safe is your business? - 5 Steps to Cyber Security

Getting organised with an information security management system (ISMS) goes a long way to preventing data loss and fines. Joe Collinwood, CEO at CySure, explains how.

With new threats appearing daily, cyber security is becoming increasingly important and complex, yet many business owners don’t have the bandwidth to take the trend seriously. Most news stories have focused on security breaches in large organisations; however, all businesses are vulnerable to security threats, especially if they lack the resources and expertise to implement operational and risk management policies. Cyber criminals are preying on this lack of expertise and target medium-sized enterprises as they are easy victims and can be used as a backdoor to larger companies.

The Cyber security breaches survey 2017 conducted by Ipsos Mori on behalf of the UK Government revealed that 52% of small businesses identified a cyber breach or attack in the past 12 months. The most common types of breaches identified were related to staff receiving fraudulent emails (72%), followed by viruses, spyware and malware (33%), people impersonating the organisation in emails or online (27%) and ransomware (17%). For companies with limited budgets, cyber security can be a tricky job; however, getting “your ducks in a row” with an information security management system is a good place to start.

Here are 5 Steps to Cyber Security:
1. Leadership is vital – cyber security starts at the top of the organisation. If management leads by example, taking an active approach to the mitigation of cyber risk, this attitude will prevail throughout the organisation. Understandably, leaders are often focused on building their business and not inwardly looking at complex organisational policies. However, adopting a systematic approach to processes and procedures, promoted by a virtual online security officer as part of an information security management system, takes away much of the time-consuming administration burden.

Organisations that cannot afford a full-time in-house security specialist can use an online service to guide them through the complex, emerging safety procedures and protocols to improve their online security and reduce the risk of cyber threats.

2. Education and awareness training – as revealed in the Cyber security breaches survey 2017, phishing emails and malware are the two biggest threats to organisations. Both of these exploit human behaviour so it’s vital that staff are trained to recognise the threat and respond appropriately.

Similarly, accidental breaches, privilege misuse and data loss are all the result of employees not understanding their information security obligations. Educating staff on the ways they could put data at risk helps organisations turn one of their biggest vulnerabilities (people) into an area of strength.

3. Identify your risks - a risk assessment is one of the first tasks an organisation should complete when preparing its cyber security programme. Identifying the risks that can affect the confidentiality, integrity and availability of information is a time consuming process. However, by identifying threats and vulnerabilities organisations can take steps to mitigate by prioritising which risks need to be addressed in which order. Without an assessment, organisations may miss vulnerabilities or waste time, effort and resources addressing events that are unlikely to occur or won’t cause significant damage.

4. Regular reviews – policies and procedures are the documents that establish an organisation’s rules for handling data. Policies provide a broad outline of the organisation’s principles, whereas procedures detail the how, what and when things should be done. Together they provide a framework of do’s and don’ts for the organisation’s workforce on how data should be managed and train employees to offset social engineering campaigns that are one of the main causes of a data breach.

A good information security management system will provide policies and procedures that ensure regular reviews are conducted with all employees to ensure they are up to date and policies remain effective. If a procedure isn’t working, it needs to be rewritten.

5. The wonders of a dashboard – assessing progress and monitoring improvements is essential to maintaining an organisation’s security posture. A dashboard simplifies the process by providing a central location for all plans, policies, best practice advice and employee training information. Good dashboard software should guide companies through complex safety procedures and protocols, display compliance progress against selected standards including GDPR as well as online security training videos for continual staff training. A visual traffic light system soon lets business leaders know just how well prepared their organisation is to prevent a data breach or cyber attack.

It’s time for companies to act
By underestimating the true impact a cyber attack can have on their reputation and the disruption caused while management remediate the situation, businesses are putting themselves at significant commercial risk. Now more than ever it is essential to take action and reduce the risk of cyber threats. Without adequate protection they are risking their future business growth and development.

Managing risk from inside the organisation is vital and relies upon the application of a consistent set of policies and processes, backed up by continual employee training. By utilising an information security management system that incorporates leading cyber security standards, companies can benefit from the expertise of online cyber security consultants at a fraction of the cost, enabling them to create robust, best-practice policies to help keep their organisations safe.

Joe Collinwood is CEO of Cysure.net

News Release - 28 September 2018, London UK

CySure announces availability of Virtual Online Security Officer (VOSO) on G-Cloud 10 Digital Marketplace

Security component of GDPR added to further protect public sector organisations against cybercrime

Cyber security specialist CySure Ltd has announced that its Virtual Online Security Officer (VOSO) has been accepted onto the Government’s G-Cloud 10 digital marketplace. With the latest iteration of the G-Cloud framework, CySure has extended the proven capabilities of the company’s VOSO online solution to protect organisations against the growing threat of cybercrime. It has mapped the security component of the General Data Protection Regulation (GDPR) into VOSO, providing an easy to follow, staged approach to GDPR along with all the policies and training videos necessary to complete the compliance process.

Organisations today, particularly those in the government and public sector, operate in a constantly changing environment where cybercrime is a real threat. Latest statistics from the Department for Digital, Culture, Media & Sport reveal that four in ten businesses and two in ten charities have experienced a cyber security breach or attack in the last 12 months. However, only 27% of businesses and 21% of charities have a formal cyber security policy or set of policies in place.

Joe Collinwood, Chief Executive Officer of CySure said, “Research from GCHQ reveals that 80% of cyber-attacks are easily prevented when staff are trained regularly, and the right policies are in place. Managing risk from inside the organisation is vital and relies upon a consistent, dynamic process with continual training. Our VOSO solution interprets government and industry security standards in simple terms and outlines the steps to take to protect online equipment and stored data at the fraction of the cost of a human counterpart. We are delighted that VOSO has been accepted onto the government’s G-Cloud framework, the go-to place for trusted technology solutions from suppliers that are thoroughly vetted, can demonstrate clear ways of working and transparent pricing. Our customers in the public sector can depend on our expertise to create a robust, best-practice formula to help keep their organisations safe.”

CySure’s simple-to-use, web-based Virtual Online Security Officer incorporates a comprehensive range of features such as remote monitoring and secure configuration of all networked devices, asset mapping, vulnerability scanning and patching, dashboards to display compliance progress against selected standards including GDPR, as well as online security training videos for continual staff training. Costing £1 per user per month, VOSO reduces the requirement for expensive in-house cyber security consultants or compliance officers, mitigates the risk of lawsuits and regulatory fines and ensures employees are trained regularly and kept informed of the latest cyber security updates.

News Release - 24th September 2018, London UK

CySure appoints Renaissance Contingency Services as new security and compliance distributor in Ireland

New partners co-host webinar on Cyber Security, GDPR and Local Government on 20 September 2018

Cyber security specialist CySure Ltd has signed up Renaissance Contingency Services as the company’s first distributor in Ireland. The Dublin-based IT security and compliance experts will resell CySure’s information security management system, Virtual Online Security Officer (VOSO). The agreement with Renaissance further extends CySure’s international network of partners across the Republic of Ireland, South Africa, the USA and the UK.

Michael Conway, Director at Renaissance Contingency Services said, “Every day, networks and businesses are being attacked by cyber criminals and we need to work alongside partners we can trust to guide organisations through today’s complex security and compliance landscape. We selected CySure after evaluating the marketplace for a solution that would allow our partners and their customers to manage and demonstrate their compliance with the General Data Protection Regulation (GDPR) simply and effectively. When combined with our 30-year track record in the industry, we can jointly offer the depth and strength of solutions and advice our partners need to grow their business while protecting themselves and their customers against the constant threat of cyber attacks.”

CySure has been accepted onto the UK Government’s G-Cloud 10 digital marketplace. As part of that process the security component of the GDPR was mapped into VOSO, providing an easy to follow, staged approach to GDPR along with all the policies and training videos necessary to complete the compliance process.

Joe Collinwood, Chief Executive Officer of CySure added, “As Ireland’s premier IT security distributor and leading business continuity consultancy provider, Renaissance has an enviable reputation for delivering a robust set of solutions. According to GCHQ research 80% of cyber attacks are preventable when staff are trained regularly and the right policies are in place. VOSO is a complete information security management system which interprets government and industry standards to ensure the right steps are taken to keep data secure and organisations compliant. This new partnership provides the potential for CySure and the IT channel to create a powerful valuable proposition to keep Irish public sector organisations safe and secure.”

On 20th September, CySure and Renaissance will co-host a 45-minute webinar entitled “Cyber Security, GDPR and Local Government”. During this interactive tutorial, attendees will learn about the main areas that make public sector organisations vulnerable to attack such as staff and contractor changes, human error and weak internal processes. They will also take away some simple, inexpensive ideas to facilitate their own path to GDPR compliance including the need for continual process monitoring; knowing when to engage external consultants to plug in knowledge and skills gaps while containing costs and a deeper understanding of executive legal responsibilities. To register for the webinar visit https://cysure.net/events

For more information on CySure and its full suite of services, visit www.cysure.net. For more information about Renaissance Contingency Services, visit www.renaissance.ie

News Release - May 2018, London, England

CySure is excited to announce the launch of VOSO, CySure's Virtual Online Security Officer.

CySure's SaaS-based VOSO is a unique, pragmatic and affordable solution for SMBs in the fight against cybercrime.

Founded in 2015, CySure is launching VOSO after two years in development.

Joe Collinwood, CySure's CEO and co-founder, says, "Protecting a small business from Cybercrime is now an urgent issue for the economy. We recognize the typical SMB is already stretched beyond capacity and is struggling to deal with cybersecurity. The arrival of CySure means SMBs can protect themselves the same as a large corporation might, but at a fraction of the cost it normally takes."

CySure has recently completed several field tests and installations with early adopters to demonstrate the effectiveness of VOSO for SMBs. CySure is now available in both the UK and the United States.

CySure believes VOSO is set to become the standard for executing a continual cybersecurity process allowing senior executives to easily monitor and oversee a cyber risk mitigation strategy.

What SMBs need is a simple and inexpensive way to create, implement and enforce cybersecurity policies and procedures with the minimum of resources.

The advantage over competitors is that CySure's SaaS VOSO is inexpensive, makes it easy to implement standards-based security policies and procedures, quickly builds a breach response plan, and paves the way for cyber insurance optimization.

The ransomware program WannaCry that recently attacked computers in more than 150 countries has left small and medium-sized businesses scratching their heads and wondering what to do to protect themselves. The Government offers little practical help for the smaller enterprise. Virus checkers, anti-malware software and firewalls afford only so much safety. The heart of the problem of risk mitigation is not technology but human behavior.

CySure's approach is to take complex Government standards such as NIST and Cyber Essentials and deploy a Virtual Online Security Officer that automatically translates the selected standard into a simple-to-follow solution containing the related policies for the business owner. The service guides executives to which part of their company's cybersecurity plan needs attention and translates this information into clear, actionable steps. The VOSO continues to monitor a company's performance against the selected standard.

CySure's VOSO allows leadership to understand what to focus on to successfully guard against 80% of all cyber-attacks. CySure understands that some breaches cannot be prevented, so CySure complements their solution with a breach response plan and optimized insurance.

CySure's VOSO creates an audit trail that enables senior executives to easily demonstrate adherence to the highest government standards and that management is discharging its fiduciary responsibility to protect the assets of their company.

CySure believes many SMBs are struggling either to become HIPAA compliant or maintain that accreditation as well as become cyber secure. As a result, CySure plans to initially market its product in highly regulated industries where HIPAA compliance is mandatory as Cyber Essentials and HIPAA share many similar requirements.

CySure is a start-up with headquarters located in Fair Oaks, California and an office in London.

  CySure's website is www.cysure.net

CONTACT
  Harry Collinwood
  info@cysure.net
  020 3900 3300