Manage your business safely and avoid cyber threats

Activating CySure's unique Virtual Online Security Officer (VOSO) gets your business on the road to becoming both cyber-secure and GDPR compliant from just £1 or $1 per user per month!

Blog - June 2019, London, UK

Cyber resilience in uncertain times: 5 steps for SMEs to survive and thrive

Operating online has brought many benefits to SMEs, but it has also introduced the risk of cyber attacks. Joe Collinwood, CEO at CySure, details five steps to cyber resilience.

When it comes to cyber crime, small businesses are not exempt from the disruption that impacts large organizations. If anything, their size can make them more vulnerable as they are perceived as a softer target. That isn’t to say that SMEs are unaware of cyber risks - according to the Cyber Security Breaches Survey 2019[i], 78% now see cyber security as a high priority. However, this raised awareness has not translated into action with the survey reporting that only 15% of small businesses have a formal cyber incident management process.

Cyber attacks continue to cause UK businesses problems. Two-thirds of SMBs have suffered a cyber attack in the past 12 months[ii] according to the 2018 State of Cybersecurity in Small & Medium Size Businesses report. No business is too small to be attacked, nor too small to protect itself. SMEs can pave the path to cyber resilience by following 5 simple steps:

1. Maximise your best asset – your people
Your employees are your greatest asset and the first line of defence. Training is absolutely vital. Among the SMEs that identified a breach or attack in the 2019 survey, 63% had their most disruptive breach reported by staff rather than by antivirus software. People are the only link that can bind technology, processes and policies together to ensure business goals are met. Employees need regular cyber security training to ensure their knowledge is up to date, to know what to look for and the immediate steps to follow should an attack occur. By having the right policies, processes and training in place for preventing, as well as reacting to a cyber threat, SMEs can create the best scenario to restore operations post incident.

2. Invest in cyber insurance
Becoming more resilient to cyber risks in an age of digital disruption increasingly means understanding how to restore operations quickly should the worst happen. Cyber insurance is specifically designed to cover the unique exposure of data privacy and security and can act as a backstop to protect a business from the financial and reputational harm resulting from a breach. Standard policies are often inadequate to cover the likely cost of even a more “standard” security breach, let alone cyber attack or ‘hacktivism’. Only specialist cyber insurance policies provide extensive cover. However, organisations need to research policies carefully to understand the level of cover offered and their responsibilities to stay within the conditions of the policy.

3. Secure and back up data
Data is the lifeblood of any organisation yet many SMEs either fail to back up their data or they are not doing so effectively. Losing the ability to restore business critical data, such as customer data and financial information after an incident can be catastrophic. Data loss can damage reputations and paralyse businesses, but these are by no means the only problems. Since the EU General Data Protection Regulation (GDPR) came into force on 25 May 2018, organizations of all sizes can face hefty fines should they suffer a data breach. Restoring business data quickly and effectively after an incident is vital. SMEs must take control of their data and ensure business critical information is securely backed up and can be restored at speed.

4. Ensure good malware and virus protection
Good cyber resilience goes hand in hand with good cyber hygiene. Whilst cyber resilience is all about ensuring a business can continue to operate after or even during an event, cyber hygiene is about proactively offsetting those risks in the first place. Phishing emails and malware infections caused by attachments and links to hacked web sites have become common occurrences. To counteract these evolving threats, organizations should focus on getting the basics right and developing a cyber hygiene habit. The benefit of regular maintenance is that it identifies potential issues early, before cyber security risks become a problem. SMEs should invest in effective firewalls, anti-virus and anti-malware solutions and ensure any updates and patches are applied regularly, so that criminals can’t exploit old faults or systems. The National Cyber Security Centre advises updating software as soon as a new patch or update is available. Additionally, user passwords should be changed regularly and unused equipment disposed of securely.

5. Demonstrate commitment to security – get certified!
Cyber Essentials (CE) in the UK and the NIST Cybersecurity Framework in the US are government and industry backed voluntary schemes to help all organisations protect themselves against common cyber-attacks. The CE and NIST schemes aim to provide businesses with a structured framework and continuous process that implements the minimum standards to mitigate the risk from cyber attacks.

For example, Cyber Essentials certification in the UK can help SMEs implement strong cyber security hygiene practices. Being fully Cyber Essentials compliant mitigates 80%[iii] of the risks faced by businesses such as malware infections, social engineering attacks and hacking. By utilising an online information security management system (ISMS) that incorporates Cyber Essentials Plus, SMEs can undertake certification guided by a virtual online security officer (VOSO) as part of their wider cyber security measures.

Agile and resilient
According to the Business Population Estimates conducted by the UK Government, small and medium businesses make up 99.9%[iv] of all private sector businesses in the UK, and employ 16.1 million people, or 60% of the country’s private employment. However, almost half (43%) of British SMEs admit to having no business continuity, disaster recovery or crisis management plans in place, despite almost the same number of UK businesses (46%) suffering at least one cyber security breach or attack.

Smaller organisations are by nature agile and innovative, harnessing the power of technology and the internet to reach their customer base, however this also increases the attack surface. The path to becoming cyber resilient can be daunting but it is not insurmountable. Demonstrating responsible business practice means being prepared for anything. By developing a cyber resilience stance based on following a few simple steps, SMEs can not only survive but thrive in the new digital world.

[i] Cyber Security Breaches Survey 2019
[ii] 2018 State of Cybersecurity in Small & Medium Size Businesses report
[iii] https://www.cyberessentials.ncsc.gov.uk/
[iv] https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/663235/bpe_2017_statistical_release.pdf


Blog - June 2019, London, UK

Data protection v Data privacy: regardless of sector every business is in the data business

Joe Collinwood, CEO at CySure explains the difference between data protection and data privacy, which organisations of all sizes and sectors can no longer afford to ignore.

Since GDPR came into force companies are still getting to grips with data processes and policies.

The EU General Data Protection Regulation (GDPR) came into force on 25 May 2018 with great fanfare, and rightly so. It is the most significant change to data protection and data privacy legislation in Europe for over two decades and puts individuals back in the driving seat of how their data is used. However, almost a year on there continues to be a lot of confusion within the business community on the distinction between data protection and data privacy.

Data Protection vs Data Privacy
Data protection refers to the technical controls on protecting assets from unauthorised use, i.e. in effect the tools and procedures to enforce the policy and regulation. Data privacy is the legal and operational measures that govern the use of data, ensuring only authorised users gain access to personal data. GDPR makes it the responsibility of every organisation to implement the appropriate technical and organisational measures to ensure a level of security appropriate to its risk. A common mistake is that companies ignore what the ICO refers to as the “7th Principle”: even where a company is already compliant with the Data Protection Act and already has technical controls in place to properly secure personally identifiable information, those controls must go beyond the firewall and anti-malware that most companies think are sufficient.

In the event of a complaint to the ICO or a report of a data breach, a data controller or processor will need to demonstrate that they ensured appropriate security was in place. That extends to suppliers and contractors to your business. If an organisation isn’t compliant with GDPR it is accepting a significant risk to its business. The inability to demonstrate proportionate steps to comply with GDPR is likely to attract significant scrutiny from the ICO and a more robust fine. Not to mention the reputational damage that accompanies a breach in data.

Commercial advantages of safeguarding data
Being GDPR compliant is not a one-time activity, it is a cultural shift in how organisations protect personal data and it should be baked into policies, processes and procedures. By taking a proactive stance towards data protection and data privacy, organisations can take control of their data and engage with customers and prospects on a deeper and more personalised level. By developing a reputation for safeguarding sensitive information and providing transparency to customers, businesses can improve brand loyalty whilst also gaining new customers. Business growth is dependent on customer trust. Savvy organizations that can demonstrate a trusted track record and commitment to protecting customer information can maximise on the opportunity to differentiate themselves from the pack by making data protection and privacy a priority.


Blog - May 2019, London, UK

Cybercrime & the bottom line: 5 Reasons why SMEs can’t ignore cyber security

Joe Collinwood, CEO at CySure identifies the new cyber risks and how to mitigate them.

The digital world offers many opportunities for business growth however it exposes organisations to new cyber risks. Weak cyber security can leave organisations exposed and the revenue repercussions can be severe.

Operating in the digital world presents many opportunities to small and medium enterprises (SMEs); however, it opens organisations to a host of cyber risks. Although cybercrime is the biggest challenge for many organisations and often leads to financial loss, changes in business practice, in addition to technological changes, are opening up threats which need to be managed to avoid negatively impacting revenue. Here we explore 5 ways cyber security issues can impact the bottom line.

1. Business disruption
Too many SMEs hold the belief that they are too small to be attacked and that their sector would be of no interest to a cyber-criminal. Unfortunately, SMEs are as much at risk from cyber security risks as large organisations. According to the Cyber Security Breaches Survey 2018[i], 42% of small businesses identified at least one breach or attack in the last 12 months. Depending on the severity of the attack, SMEs can suffer severe disruption, including impacts on business operations that prevent staff from carrying out their day to day work. The U.S. National Cybersecurity Alliance[ii] found that 60 percent of small companies are unable to sustain their businesses over six months after a cyber-attack. Being prepared for when, not if, the inevitable happens is key to recovery. SMEs that view cyber security as an essential foundation, with documented policies and processes, will be better positioned to withstand the after effects of a cyber security incident.

2. Data loss and regulatory fines
Data breaches are costly, not only in regulatory fines but in lost business confidence from customers, suppliers and partners. According to the Ponemon Institute’s 2018 Cost of Data Breach Study[iii], the average cost of a stolen or lost record is $148, while the average annual overall cost of a data breach is nearly $4 million. This is irrespective of the fines and sanctions under the new EU General Data Protection Regulation (GDPR) and California’s Consumer Protection Act, which comes into effect on 1st January 2020, which will surely add to those costs. EU GDPR is the most significant change to data protection legislation in Europe for over two decades and puts individuals back in the driving seat of how their data is used. There’s no exemption for small businesses or sole traders. By taking a proactive stance towards data protection, SMEs can take control of their data and engage with customers and prospects on a deeper and more personalised level, maximising the opportunity to differentiate themselves from the pack.

3. Intellectual property
The current cyber landscape is chaotic, from state-sponsored hackers to financially motivated cybercrime gangs. In a rapidly evolving landscape of increasingly sophisticated cyber-attacks, there is a very real risk of a hacker gaining access to intellectual property or other sensitive commercial information and using it to their advantage. Whilst no security strategy can stop 100% of attacks, the aim is to mitigate the risk as much as possible. The majority of attacks exploit basic weaknesses in IT systems and software, which can be straightforward to defend against. It’s time for SMEs to redefine their approach to information security and view it as a way of life aligning security concerns with business goals. By having a top-down, consistent approach to data governance, backed up with the necessary resources and employee training, SMEs can ensure compliance becomes an integral part of the operation.

4. Reputational damage
The repercussions of a breach extend far beyond the costs that are easiest to calculate, such as incident response, external technical services and communications. The indirect financial cost can be far harder to calculate and remediate such as lost business stemming from the erosion of customer and supplier trust. However, the real expense of an attack against an organisation is the damage to brand reputation. Suffering a cyber-attack can cause customers to lose trust and spend their money elsewhere. Additionally, having a reputation for poor security can also lead to a failure to win new business or government contracts.

5. Third party relationships
Many organisations often rely on a vast network of agile SME suppliers and partners. However, with so many prolific data breaches occurring due to flaws in third-party partners, SMEs are coming under increasing pressure to prove their security credentials – or risk missing out on lucrative business opportunities. The cyber threat landscape is more real and harmful than many businesses want to accept. However, cyber security need not be complex or prohibitively expensive. SMEs need to seek solutions matching their size and needs which may not necessarily be the same solutions used by a big organisation.

SMEs have an inherent advantage over larger companies, as their agility enables them to be flexible and adjust to changes quickly. The lack of red tape and corporate complexity means they can act and adapt fast. By giving cyber security the same priority as other business goals, SMEs can maintain their advantage and thrive in the new digital world.

Blog - May 2019, London, UK

Redefining cyber security as a business enabler - 3 ways SMEs can benefit

Joe Collinwood, at CySure, explains why it’s time to look beyond the traditional defensive role of cyber security and recognise its innovative possibilities.

In an era defined by cyber crime it is easy to take the view that cyber security is exclusively an IT cost and the necessary price of doing business.

The consequences of a data breach can be a disaster for small and medium-sized enterprises (SMEs), which is why cyber security should be a fundamental component of business operations. The repercussions of a breach extend far beyond the costs that are easiest to calculate, such as incident response, external technical services and communications. The indirect financial cost can be far harder to calculate and remediate, such as lost business stemming from reduced customer and supplier trust, damage to brand reputation and fines from the Information Commissioner’s Office (ICO). The biggest killer for businesses is the disruption to the business and the time lost while trying to get the business operational again.

With the constant threat of a potential cyber attack it is easy to see why some companies develop a defensive and reactive cyber security posture. However, if SMEs are to remain relevant and competitive in the digital economy, it is vital they ensure innovation isn’t stifled by rigid security practices. A strong cyber security strategy developed in line with business goals can support business agility, develop customer loyalty and facilitate organizational operations. Here are 3 ways SMEs can achieve business growth through effective cyber security management.

1) Support business agility
Digital transformation has changed the business landscape creating a competitive and fast paced world. In this intensely competitive environment, start-ups and online companies are damaging traditional brands with innovative digital business models, products and services. SMEs can adapt swiftly to changing environments, embracing digital technologies to improve their internal processes, product offering and enhancing the customer experience.
Providing services in the connected world is increasingly more risky but SMEs that view cyber security as an essential foundation will have the confidence to implement digital processes and technologies that fuel innovation and growth. Without it, companies may hesitate to start digital projects, therefore stifling their innovation potential and opening the door to competitors.

2) Improve data management – the positive impact of GDPR
The EU General Data Protection Regulation (GDPR) came into force on 25 May 2018 and is designed to govern how every organisation treats the personal information it has collected by putting individuals firmly in charge of the way their data is used. The processes necessary for GDPR compliance can deliver many commercial advantages, after all data is the lifeblood of any organisation.
By taking a proactive stance towards GDPR, SMEs can take control of their data and engage with customers and prospects on a more personalised level. By developing a reputation for safeguarding sensitive information and providing transparency to customers, businesses can improve brand loyalty while gaining new customers. Business growth is dependent on customer trust. Security savvy organizations that can demonstrate a trusted track record and commitment to protecting customer information can maximise on the opportunity to differentiate themselves from the pack.

3) Smoother operations
SMEs are more at risk from data breaches than large organisations because cyber criminals recognize that SMEs do not have the money or resources to launch a legitimate defence and therefore are easy prey. According to the Cyber Security Breaches Survey 2018[i], 42% of small businesses identified at least one breach or attack in the last 12 months. In a rapidly evolving landscape of cyber threats, SMEs which understand the risks and have a robust cyber security strategy are more able to recover business operations when a breach happens.

This ability to demonstrate cyber resilience is becoming a contractual requirement to many large organisations that rely on a vast network of agile SME suppliers and partners within their supply chain. SMEs that invest in cyber security can show they are less likely to be a conduit for criminals to access a larger organisation, and are better placed to demonstrate their ability to recover business operations and performance in the event of an attack, therefore protecting the supply chain. While no security strategy can stop 100% of attacks, the aim is to mitigate the risk as much as possible.

Positioned for growth with cyber security
SMEs have an inherent advantage over larger companies as their agility enables them to be flexible and adjust to changes quickly. The lack of red tape and corporate complexity means they can act and adapt fast. A strong cyber security posture encourages data management leading to better customer profiling and greater customer loyalty. Good cyber hygiene practices demonstrate to customers, partners and investors that the organization is a trustworthy provider of goods and services, and protector of customer data.

Cyber security need not be prohibitively expensive. SMEs should seek solutions matching their size and requirements. By utilizing an online information security management system (ISMS) that incorporates Cyber Essentials Plus in the UK and NIST controls in the US, SMEs can be guided by a virtual online security officer (VOSO) to understand just how safe and compliant to regulations they are as part of wider cyber security measures.

A cyber security strategy creates a culture of innovation and trust, both essential for business growth. By giving cyber security the same priority as other business goals, SMEs can position themselves for success and thrive in the digital age.

[i] https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2018







Blog - April 2019, London, UK

Planning for business growth? 3 Reasons to get cyber savvy

Joe Collinwood, CEO at CySure, outlines why being cyber aware is a business necessity for all organisations.

Cyber-attacks are surging and small and medium sized enterprises are easy prey for hackers. Small businesses in the UK are the target of an estimated 65,000 attempted cyber-attacks every day, according to new figures[i] from specialist global insurer Hiscox. According to the insurer, cyber security incidents cost the average small business £25,700 in direct costs such as ransoms paid and hardware replaced. However, indirect costs such as damage to reputation, the impact of losing customers and difficulty attracting future customers can be devastating. Complacency can cost SMEs dearly; the US National Cyber Security Alliance[ii] found that 60 percent of small firms go out of business within six months of a data breach.

In a rapidly evolving landscape of cyber threats it is vital that SMEs understand the risks and act fast or risk business failure due to a lack of a robust cyber security strategy. Here are three reasons why SMEs need to get cyber savvy:

1. Supply chain cyber security
Many organisations often rely on a vast network of agile SME suppliers and partners. However, with so many prolific data breaches occurring due to flaws in third-party partners, SMEs are coming under increasing pressure to prove their security credentials – or risk missing out on lucrative business opportunities.

Small companies make easier targets for attackers as they often don’t see themselves as a target and fail to sufficiently invest in having robust cyber security measures in place. However, for supply chains to work effectively they require every organisation involved to communicate within a central system to avoid issues such as inaccurate inventory reporting, unexpected shortages and supply chain fraud. With information and security arrangements shared across the open supply chain, the cyber-security of any one organisation within the chain is potentially only as strong as that of the weakest member.

A determined attacker will stress test the security of a supply chain, seeking to identify the weakest link and use any vulnerabilities present to gain access to other members of the chain. Whilst not always the case, it is often SMEs, with their limited IT expertise and resources, that have the weakest cyber-security arrangements. Once an attack has been successful against an SME supplier, attackers can then leverage their access as an entry vector into the larger network.

2. GDPR – it’s not been and gone!
The headlines that accompanied the launch of the General Data Protection Regulation (GDPR) in May 2018 may have subsided but the legal obligation hasn’t. Although termed regulation, GDPR is enshrined in law and all organisations, regardless of size, need to ensure they meet their obligations.

However, some SMEs are continuing to bury their heads in the sand and who can blame them given the constant negative focus on GDPR. There is a lot of misinformation out there but what hasn’t been fairly represented are the business benefits. The real driver for adopting new GDPR compliance principles should be to make business more efficient, secure and competitive.

To become compliant, organisations must have a comprehensive understanding of their data, which provides SMEs with the opportunity to better understand their customers. With data cleaned up, employees can be more productive and efficient through working with accurate, easily searchable and accessible data. Customers are the lifeblood of a modern digital business; by improving data management, organisations can unlock the value within their data and improve performance.

3. Demonstrate commitment to effective cyber security
SMEs can protect themselves against cyber-attacks and mitigate the risk of being excluded from supply chains by undertaking a certification process. Cyber Essentials Plus is a UK government and industry backed scheme to help all organisations protect themselves against common attacks. In collaboration with Information Assurance for Small and Medium Enterprises (IASME), the scheme sets out basic technical controls for organisations to use, which are assessed annually. The aim is to ensure that companies can understand their cyber risks, implement appropriate cyber defences, meet minimum cyber security standards without hindering business and share best practice.

By displaying the Cyber Essentials badge on its website, an SME can demonstrate to customers, partners and investors their commitment to cyber security. This is particularly beneficial for organisations that are storing personal information on customers and employees, or hosting commercially sensitive data. Through certification, SMEs can proactively provide sufficient guarantees that regulatory requirements will be met and the rights of data subjects protected.

Staying safe in a connected world
SMEs have an inherent advantage over larger companies, as their agility enables them to be flexible and adjust to changes quickly. The lack of red tape and corporate complexity means they can act and adapt fast. By giving cyber security the same priority as other business goals, SMEs can maintain their advantage and thrive in the new digital age. Yet, according to the 2018 Cyber Security Breaches Survey[iii], 25% of SMEs have no cyber security governance or risk management measures in place.

Cyber security need not be prohibitively expensive. SMEs need to seek solutions matching their size and needs, and not necessarily the same solutions used by a big organisation. By utilising an online information security management system (ISMS) that incorporates Cyber Essentials Plus, SMEs can undertake certification guided by a virtual online security officer (VOSO) as part of their wider cyber security measures. By navigating their way to compliance, SMEs can look forward to the benefits of legislation through competitive differentiation and a new business culture that cherishes customer privacy and third-party relationships.

[i] https://www.hiscoxgroup.com/news/press-releases/2018/18-10-18

[ii] https://www.sec.gov/news/statement/cybersecurity-challenges-for-small-midsize-businesses.html

[iii] https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/701841/CSBS_2018_Infographics_-_Micro_and_Small_Businesses.pdf

Blog - March 2019, London, UK

Complacency in supply chain cyber security – a hidden threat to SMEs

Joe Collinwood, CEO at CySure, takes a closer look at the implications of complacency in supply chain cyber security.

Small and medium sized enterprises are under pressure to protect themselves against cyber attacks to mitigate the risk of being excluded from supply chains.

In a rapidly evolving landscape of cyber threats, many organisations are focusing efforts on protecting the confidentiality, availability and integrity of their networks and systems. While this is important, small to medium enterprises (SMEs) are typically failing to understand the wider risks and to implement basic cyber hygiene measures. This complacency compromises their own IT environment and that of suppliers and partners within their supply chain.

New research conducted by the Federation of Small Business (FSB) identified that 65% of UK Small Businesses do not have plans in place to deal with potential supply chain disruption, including cybercrime. The threat is real and SMEs need to act or risk their business failing due to the lack of a robust cyber security strategy.

The weakest link
A number of big brand organisations have recently been exposed by data breaches and although their names may have made the headlines, in some instances the security breach occurred due to flaws in third-party partners. High profile data breaches such as the attack on communications firm TalkTalk, which was fined £100,000 in 2017 by the Information Commissioner’s Office (ICO) for a third party’s misuse of data, have been a wake-up call for organisations, whatever their size.

Like TalkTalk, many organisations often rely on a vast network of agile SME suppliers and partners. However, small companies can be easier targets for attackers if they don’t have robust security measures in place. With information and security arrangements shared across a supply chain, the cyber-security of any one organisation within the chain is potentially only as strong as that of the weakest member.

Research firm Vanson Bourne surveyed 1,300 senior IT decision-makers and IT security professionals in organisations with 500+ employees. Respondents were selected from across major industry sectors and from the US, Canada, UK, Mexico, Australia, Germany, Japan, and Singapore. The study, conducted in 2018, revealed that two-thirds of respondents reported that their organizations had experienced a software supply chain attack, with 90% of those confirming that they had incurred financial cost as a result. The average cost of an attack was over $1.1 million.

The survey also found that the majority of organizations aren’t adequately prepared and feel vulnerable. Almost 90% of the survey respondents believe that they are at risk for a supply chain attack, yet companies are still slow to detect, remediate and respond to threats.

A determined attacker will stress test the cyber security of a supply chain, seeking to identify the weakest link and use any vulnerabilities present to gain access to other members of the chain. Whilst not always the case, it is often SMEs, with their limited IT expertise and resources, that have the weakest cyber-security arrangements. Once an attack has been successful against an SME supplier, attackers can then leverage their access as an entry vector into the larger network.

Securing the supply chain down the line
Following the introduction of the EU General Data Protection Regulation (GDPR) and the broader scope of fines available to the Information Commissioner’s Office (ICO), large organisations are realising that it’s no longer enough to ensure their own network is secure, they must now also pay attention to securing the supply chain.

Enterprises that are at the top of a supply chain will more and more require certification as proof of security and compliance, or will want contractual warrants and indemnification as protection for themselves. The increased risks of a data breach and GDPR enforcement are requiring companies to ensure they have cyber security as a part of their contract with processors, contractors or service providers. Larger organisations, which are averse to reputational damage and business disruption, will choose to use only those suppliers that are certified as part of their due diligence and selection process.

The increased risk of cyber-attacks is not only a concern within the enterprise. The Department of Defense (DoD) has announced that all contractors that process, store or transmit Controlled Unclassified Information (CUI) must meet the Defense Federal Acquisition Regulation Supplement (DFARS) minimum security standards by December 31, 2017 or risk losing their DoD contracts.

Effective cyber-security risk management with certification
SMEs can protect themselves against cyber-attacks and mitigate the risk of being excluded from supply chains by undertaking a certification process. Cyber Essentials is a UK government and industry backed scheme to help all organisations protect themselves against common attacks. In collaboration with Information Assurance for Small and Medium Enterprises (IASME), the scheme sets out basic technical controls for organisations to use, which are assessed annually. The aim is to ensure that companies can understand their cyber risks, implement appropriate cyber defences, meet minimum cyber security standards without hindering business, and share best practice.

With larger organisations increasingly validating that sufficient cyber-security standards are implemented across the entire supply chain, SMEs risk losing contracts should they fail to prove sufficient compliance and information security to meet the minimum expected by their partners. SMEs that are not prepared to take cyber security seriously will be weeded out by business failure, either due to a data breach or not being able to compete with certified businesses.

It is time for SMEs to act and adapt their information security practices to the new landscape and demonstrate their cyber credentials. By utilising an online information security management system (ISMS) that incorporates Cyber Essentials, SMEs can undertake certification guided by a virtual online security officer (VOSO) as part of its wider cyber security measures. This will help the organisation to coordinate all security practices in one place, consistently and cost-effectively, keeping them safe and competitive in 2019 and beyond.

[i] https://www.fsb.org.uk/first-voice/majority-of-small-businesses-unprepared-for-business-interruption

[ii] https://www.theguardian.com/business/2017/aug/10/talktalk-fined-100000-for-not-protecting-customers-personal-data

[iii] https://www.vansonbourne.com/client-research/24111701tc

Blog - January 2019, London, UK

Worried about the financial impact of data breaches? 5 reasons for cyber insurance

Despite the rising cost of data breaches most organisations are unprepared to deal with the financial and reputational repercussions. Joe Collinwood at CySure explains why cyber insurance is a business essential

Cyber risk remains a key concern for every boardroom and small to medium enterprise (SME) business owner. The current cyber landscape is chaotic, including state-sponsored hackers, financially motivated cybercrime gangs and simple negligent data loss. Risk is everywhere and liabilities are high. Cyber threat remains one of the most significant and growing risks facing organisations today and too few are prepared.

The global average cost of a data breach per compromised record in 2018 was $148, a 6.4% increase from 2017, according to the Ponemon Institute 13th-annual Cost of Data Breach Study. Interestingly, locations that experienced the most expensive data breaches include the US and the UK, where notification costs are nearly five times the global average. It is clear the problem isn’t going away. Although cyber security most often makes it into the headlines because of large breaches, the most frequent threat is actually to SMEs. Smaller organisations are by nature agile and innovative, harnessing the power of technology and the Internet to reach their customer base; however, this also increases the attack surface. Research conducted by the National Cyber Security Alliance revealed that 60 percent of hacked small and medium-sized organisations go out of business after six months.

Five reasons for cyber insurance
Becoming more resilient to cyber risks in an age of digital disruption means understanding the full scope of cyber governance responsibilities. Here are five reasons why every business, regardless of size or ownership, needs cyber insurance:

1. Cyber crime is growing exponentially – an overwhelming majority of businesses are reliant on online services, which exposes them to cyber security risks. The 2018 Cyber Security Breaches Survey, conducted on behalf of the UK Government, revealed that 43% of UK organisations surveyed had experienced a cyber security breach or attack in the last 12 months. With highly sophisticated attacks now commonplace, businesses need to assume that they will be breached at some point and have coverage to mitigate the risk.

2. Data breaches are costly – as mentioned before, in Ponemon Institute’s 2018 Cost of Data Breach Study, the average cost of a stolen or lost record is $148, while the overall cost of a data breach is nearly $4 million. This is irrespective of the fines and sanctions under the new General Data Protection Regulation (GDPR) within the EU and California’s Consumer Protection Act, which comes into effect on 1st January 2020 and will surely add to those costs.

However, the real expense of an attack against an organisation is not just the financial damage suffered or the cost of remediation; a data breach can also inflict untold reputational damage. Suffering a cyber-attack can cause customers to lose trust and spend their money elsewhere. Additionally, having a reputation for poor security can also lead to a failure to win new business or government contracts.

3. Organisations can be held legally and financially liable if third party data is compromised in a breach – emerging regulation, as announced by the US Department of Defence (DoD) and the EU’s GDPR, places the responsibility on organisations to only appoint third parties who can provide sufficient guarantees that the requirements of NIST 800-171 and GDPR will be met. Both the DoD and the UK’s Information Commissioner’s Office (ICO) will hold liable, and may fine, any organisation that has not carried out due diligence to ensure third parties are compliant. Regulatory fines have become synonymous with data breaches, and the fact that cyber risks are now global makes complying with various regulatory responses across different geographies all the more challenging.

4. Standard insurance policies do not cover cyber risk – cyber insurance is specifically designed to cover the unique exposure of data privacy and security and can act as a backstop to protect a business from the financial and reputational harm resulting from a breach. While some categories of losses might be covered under standard policies, many significant gaps often exist and cyber events can impact numerous lines of insurance coverage. Standard policies are often unlikely to cover the cost of even a “standard” security breach, let alone cyber-attack or ‘hacktivism’. Only specialist cyber insurance policies provide extensive cover. However, organisations need to research policies carefully to understand the level of cover offered and their responsibilities to stay within the conditions of the policy.

5. Improved cyber awareness and risk management – insurance is just one piece of the puzzle and solely taking out a cyber insurance policy won’t protect an organisation from a cyber-attack. Given that the single greatest cyber risk is social engineering, i.e. employees voluntarily but unknowingly allowing an attack to occur, it's critical that organisations get the basics right, such as putting every employee through training on how to avoid and recognize cyber threats. The fact is that the vast majority of damage done by cyber-attacks is due to an inability of the party being attacked to respond. Organisations need a comprehensive risk management plan that details how the company will respond in the face of a cyber-attack, including unknown threats.

Getting the basics right
Given the complexities and ever-changing threats, it is important to be as proactive as possible. Cyber Essentials is a UK government-backed and industry supported scheme that guides organisations on how to protect themselves against the most common cyber threats. Undertaking a certification route will help organisations, especially SMEs which may not have a dedicated cyber security specialist, to coordinate all security practices in one place, consistently and cost-effectively.

Certification is a valuable indicator of a mature approach to cyber security in organisations. It helps to guard against the most common cyber threats and demonstrate a commitment to cyber security. Whilst cyber insurance can provide a layer of protection when an organisation is faced with a cyber threat, it is no substitute for good cyber hygiene. Insurance should be viewed as an important addition to a company’s overall risk management, but organisations should not wait for a breach before confronting their cyber risks and exposure.


Blog - January 2019, London, UK

Keep your cyber security in check – 4 reasons to get certified

When it comes to cyber security breaches – is it a question of when not if? Joe Collinwood at CySure looks at how certification can set SMEs on the path to good cyber hygiene

Cyber security has become a fundamental component of business operations. As cyber criminals get more sophisticated and threats continue to evolve it is vital that companies invest in security policies, procedures and products regardless of size, market or location.

Small and medium-sized enterprises (SMEs) are as much at risk from data breaches as large organisations. According to the Cyber Security Breaches Survey 2018, 42% of small businesses identified at least one breach or attack in the last 12 months. This is a significant problem which is set to increase as criminals find new ways to digitally delve into organisations for increasingly valuable personal information.

However, it is not an insurmountable problem and SMEs can protect themselves against common cyber-attacks by undertaking a certification process. Cyber Essentials is a government and industry backed scheme to help all organisations protect themselves against common cyber-attacks. In collaboration with Information Assurance for Small and Medium Enterprises (IASME), the scheme sets out basic technical controls for organisations to use, which are assessed annually. Here are four reasons to get certified:

1. Mitigate cyber risks
Whilst no security strategy can stop 100% of attacks, the aim is to mitigate the risk as much as possible. The majority of attacks exploit basic weaknesses in IT systems and software, and these can be quite straightforward to defend against. Being fully Cyber Essentials[i] compliant mitigates 80% of the risks faced by businesses such as malware infections, social engineering attacks and hacking. The Cyber Essentials scheme aims to provide businesses with a strong base from which to reduce the risk from these prevalent cyber-attacks.

2. Identify weak security links in your supply chain
As the saying goes, you are only as strong as your weakest link and this is especially true when dealing with third parties that are outside of your domain of control. The 2017 Data Risk in the Third-Party Ecosystem study found that 56% of respondent organisations had been affected by a third-party data breach, up from 49% the previous year. This should be a major concern to any organisation as GDPR makes it clear that organisations are accountable for data breaches caused by any third-party service providers they appoint to handle data.

Organisations, or in GDPR speak, ‘controllers’, must only appoint third party ‘processors’ who can provide sufficient guarantees that the requirements of the GDPR will be met and the rights of data subjects protected. By using a third party that has achieved certification via a scheme such as Cyber Essentials or the IASME governance standard, organisations can show that they have taken steps to conduct due diligence within their supply chain. Certification demonstrates that information security procedures within a third-party processor are certified to be the same as, or more comprehensive than, the information security procedures followed by the controller organisation for the data involved in the contract.

3. Show commitment to cyber security
By displaying the Cyber Essentials badge on its website, an SME can demonstrate to customers, partners and investors its commitment to cyber security. This is particularly beneficial for organisations that are storing personal information on customers and employees, or hosting commercially sensitive data. Through certification, SMEs can proactively provide sufficient guarantees that regulatory requirements will be met and the rights of data subjects protected.

4. Competitive advantage
Improving cyber security within its supply chain is a priority for UK Government. It has decreed that suppliers must be compliant with the Cyber Essentials scheme in order to bid for contracts which involve the handling of sensitive information and the provision of certain technical services. However, Cyber Essentials presents a competitive advantage to certified SMEs when competing for all business or tendering for public sector proposals as they will be able to demonstrate their security credentials and their diligence towards defending the integrity of their customers’ data.

Supported at every stage
Achieving safety and compliance doesn’t have to be a costly or complex project. By utilising an online information security management system (ISMS) that incorporates Cyber Essentials, SMEs can undertake a certification route guided by a virtual online security officer (VOSO) as part of their wider cyber security measures. This will help the organisation to coordinate all security practices in one place, consistently and cost-effectively. Additionally, SMEs can take advantage of the expertise of online cyber security consultants at a fraction of the cost of a full time in-house security specialist or a team of consultants.

Certification has many benefits; it ensures standardisation within the supply chain and is a good differentiator for SMEs who provide services as it shows a diligence to information security. The UK National Cyber Security Centre has taken a leadership role in providing the technical expertise for the Cyber Essentials scheme, which ensures that it encompasses the country’s best technical insight and experience. Cyber Essentials certification can help SMEs implement strong cyber security hygiene practices and benefit from the new digital world.

[i] https://www.cyberessentials.ncsc.gov.uk/

News Release - 11 December 2018, London, UK

CySure partners with digital consultants Rubitek for cyber security

Cyber security specialist CySure Ltd has partnered with Rubitek as a digital consulting re-seller. Rubitek has added CySure’s Virtual Online Security Officer (VOSO) to its digital consulting offering to support businesses worldwide with their cyber security.

Sammy Williams, Digital Architect at, and Director of, Rubitek, said: “We are delighted to introduce CySure’s VOSO to our product suite. Cyber-attacks are becoming increasingly prominent in the world of business, so to be able to help small and medium-sized enterprises (SMEs) prevent attacks is a really exciting opportunity for us. VOSO fits in nicely with our established digital consulting products, and we’re all looking forward to supporting businesses all over the world, one click at a time.”

SMEs in the UK are just as much at risk from data breaches as large organisations. According to the Cyber Security Breaches Survey 2018, 42% of small businesses identified at least one breach or attack in the last 12 months. Suffice to say, this is a significant problem, and one that’s only set to increase as online criminals continue to discover new ways to access valuable and personal information stored by businesses.

Sammy continued: “We chose to partner with CySure because VOSO incorporates the high security standards, around-the-clock monitoring and action-led reports we offer our customers. CySure shares our values and vision of helping SMEs stay cyber-safe and, like us, no challenge is too complex, and no goal is too grand for them. Together, our aim is to shield as many SMEs from internet-based attacks as we can.”

VOSO incorporates both US NIST and UK Cyber Essentials security standards to guide enterprises through the certification process, ensuring the right steps are taken to keep data secure and organisations compliant.

When it comes to the world of GDPR, CySure maps the security component of the regulations into VOSO and breaks them down into digestible, easy-to-follow actions. This enables businesses to clearly navigate their way through a staged compliance approach and work towards Cyber Essentials (CE). Many companies see CE certification as a commercial differentiator and evidence of their commitment to cyber security.

Joe Collinwood, Chief Executive Officer of CySure, concluded: “Cyber security has become a fundamental component of business operations but, unfortunately, some SMEs are lagging behind.

“It’s vital that SMEs safeguard their business by investing in security policies, procedures and products. CySure is partnering with Rubitek because its market-leading consulting, design and solution architecture services complement VOSO, and we share the same objective to support SMEs in implementing strong, cyber security hygiene practices so they can thrive in today’s digital economy.”

For more information about Rubitek, visit https://rubitek-consulting.com

Blog - December 2018, London, UK

Cyber Security, GDPR and SMEs – are the wrong questions being asked?

Cyber security and GDPR starts with people and processes not costly consultancy or complicated technology, says Joe Collinwood, CySure CEO

Even before GDPR came into effect in May 2018, there was concern over the inconvenience and financial burden that becoming compliant places on organisations, especially small and medium sized enterprises (SMEs) lacking full time IT expertise. It’s all very well for commentators and reports to recommend organisations allocate between 9% and 13% of their IT budget to cyber security but if there is no budget in the first place that advice is meaningless.

What questions to ask?
In truth, are we asking the wrong questions when it comes to GDPR and cyber security in terms of SMEs? Asking a smaller business the size of its IT budget is not particularly relevant when the majority of companies work on a “break and fix” basis. The real question should be: are there proper organisational policies and technical measures in place to secure their customers’ and employees’ personal data? And what measures are in place to stop staff doing what they shouldn’t be doing and therefore putting the organisation in danger of attack and non-compliance?

The Data Protection Act states that appropriate technical and organisational measures should be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. This is known as Principle 7. SMEs are therefore expected to have adopted Principle 7 and GDPR sits on top of it; however, it can only be achieved through people and processes to ensure correct implementation.

Security Controls
There is no single product that will provide a complete guarantee of security for any business. The recommended approach is to use a set of security controls that complement each other but will require ongoing support in order to maintain an appropriate level of security.


There is a lot of misinformation out there about GDPR but what haven’t been fairly represented are the business benefits. The real driver for adopting new compliance principles should be to make businesses more efficient, secure and competitive.

Minimising complexity
The key points of GDPR are that businesses must have consent and an opt-in from customers that cannot be confusing. For example, an organisation’s policies must state precisely what data is being collected, what it will be used for and how long the company will store that data. In essence, GDPR is about putting the power of data back in the hands of consumers, giving customers a better understanding of where their data is and what it’s being used for.

Organisations concerned about meeting compliance regulations could benefit from undertaking a Cyber Essentials (CE) or CE Plus certification route from The IASME Consortium Ltd guided by a virtual online security officer (VOSO) as part of an information security management system. This helps to manage the business safely, avoid cyber threats and become GDPR compliant.

The benefit of this approach is that SMEs can take advantage of the expertise of online cyber security consultants at a fraction of the cost of a full time in-house security specialist or a team of consultants. The process can be broken down into a set of discrete actions providing an easy to follow, staged approach to compliance. By taking away much of the time consuming administrative burden, a VOSO frees up management to focus on policies, procedures and employee training to create a cyber aware and compliant culture.

Maximising opportunity
To become GDPR compliant organisations must have a comprehensive understanding of their data, which gives the opportunity to better understand their customers. In order to comply with regulations, increasing data visibility across organisational silos, de-duping lists, and cleansing and mapping data are essential practices.

Organisations can improve data management by detecting and getting rid of redundant, obsolete and trivial files; after all, why take responsibility for something that has no business value? With data cleaned up, employees can be more productive and efficient through working with accurate, easily searchable and accessible data. By improving data management, organisations can reduce risks while unlocking the true value within their data and improve performance.

Embracing change
Cyber security and GDPR compliance do not rest just with IT, whether in-house or outsourced - they are everyone’s responsibility. Small businesses can help their employees comply with the new regulation and protect against data breaches by developing a comprehensive communication and training strategy. Achieving safety and compliance doesn’t have to be a costly or complex undertaking. By utilising an online information security management system that incorporates Cyber Essentials, SMEs can navigate their way to security and look forward to the benefits of legislation through competitive differentiation and a new business culture that values customer privacy. It’s all a case of asking the right questions in the first place.

News Release - 7 November 2018, London UK

CySure appoints cyber specialists EnterpriseRed as a new security and compliance reseller partner in the UK

Collaborative partnership to help organisations improve compliance and cyber security awareness amongst workforce

Cyber security specialist CySure Ltd has appointed EnterpriseRed as a specialist reseller partner in the UK, further extending CySure’s international network of partners across the Republic of Ireland, South Africa, the USA and the UK. The Berkshire-based cybersecurity experts will resell CySure’s information security management system, Virtual Online Security Officer (VOSO).

After conducting a review of their solution portfolio, EnterpriseRed identified a gap for an information security management system to assist with compliance. CySure’s VOSO solution was chosen as it enables customers to manage and demonstrate their compliance with the General Data Protection Regulation (GDPR) simply and effectively. VOSO incorporates both US NIST and UK CE cyber security standards to guide enterprises through the compliance process ensuring the right steps are taken to keep data secure and organisations compliant.

Ian Kennedy-Compston, CEO of EnterpriseRed said, “There is a lot of misinformation about GDPR and the cost and complexity of becoming compliant. CySure’s solution cuts through the fog, with clear guidance and support for organisations throughout the process. We see VOSO as adding significant value to the GDPR process spreadsheet completion and envisage this product will significantly assist our customers going forward.”

CySure has been accepted onto the UK Government’s G-Cloud 10 digital marketplace. As part of that process the security component of the GDPR was mapped into VOSO, providing an easy to follow, staged approach to GDPR along with all the policies and training videos necessary to complete the compliance process.

Joe Collinwood, Chief Executive Officer of CySure added, “The partnership with EnterpriseRed was born from a joint philosophy that achieving safety and compliance doesn’t have to be a costly or complex undertaking. However, many small to medium enterprises (SMEs) still don’t have the bandwidth to address this matter effectively despite the risk of data breaches. By utilising VOSO, organisations can enjoy the benefit of a powerful information security management system which interprets government and industry standards to ensure the right steps are taken to keep data safe and the organisation compliant. By partnering with EnterpriseRed, CySure continues to extend its footprint in the UK market and we look forward to a mutually beneficial relationship.”

For more information on CySure and its full suite of services, visit www.cysure.net. For more information about EnterpriseRed, visit https://enterprisered.com/

Blog - October 2018, London UK

GDPR - the most common misconception and 4 things every business should know

Addressing the misunderstanding surrounding cookies and consent in terms of GDPR

The EU General Data Protection Regulation (GDPR) came into force on 25 May 2018 with great fanfare, and rightly so. It is the most significant change to data protection legislation in Europe for over two decades and puts individuals back in the driving seat of how their data is used. However, there continues to be a lot of confusion within the business community on the steps that need to be taken to ensure compliance. Consequently, many businesses are suffering from ‘GDPR fatigue’ caused by over exposure to security and legal rules.

GDPR applies to even small business
GDPR is designed to govern how every organisation treats the personal data it collects. The size and location of the business is irrelevant: if an organisation holds personal information on individuals in the EU, as consumers or employees, then the regulation applies. In practice, this means that the principles guiding how data should be collected, processed, shared and stored apply to virtually every business within the EU, as well as those beyond Europe with customers in the European Union. There’s no exemption for small businesses or sole traders.

For small and medium sized enterprises (SMEs) compliance can often be unclear as many companies have relied on their IT person, an outsourcer or external legal services to advise and implement data privacy measures. This has left some business owners unsure of what actions are needed to meet the requirements of the legislation.

Cookies and consent - 4 things every business should know
There is a common misconception that GDPR is purely about consent and whilst this is a critical obligation, it is by no means the only area of focus. Small businesses that have an online presence must obtain clear and unambiguous consent before collecting and processing personal data. Some businesses may believe they are GDPR compliant by having a cookie consent and privacy policy on their website; however, GDPR requires organisations to meet a more comprehensive set of privacy obligations, such as:

• Data minimisation – businesses should only collect personal information which is directly relevant and necessary to accomplish a specified purpose. If you don’t need it, don’t collect it! Companies should also periodically review the data they hold ensuring the deletion of anything not needed

• Integrity and confidentiality – businesses must ensure they have appropriate security measures in place to protect the personal data held. This extends to ensuring that any personnel that have access to personal data have a legitimate need to do so and receive regular cyber security training

• Data protection by design – organisations are obligated to consider data protection and privacy issues upfront in everything they do. In essence, this means integrating or 'baking in' data protection into processing activities and business practices, from the design stage right through the lifecycle

• Breach notification – there is a duty on all organisations to report certain types of personal data breaches to the relevant supervisory authority. Organisations should prioritise developing a robust detection, investigation and internal reporting procedure before a breach happens. Certain types of personal data breaches must be reported within 72 hours of becoming aware of the breach, so it is essential that processes are in place.

The importance of certification
Certification is a way of demonstrating that an organisation’s method of processing personal data complies with GDPR requirements. Organisations concerned about meeting compliance regulations could benefit from undertaking a certification route, such as Cyber Essentials or the IASME Governance standard, guided by a virtual online security officer (VOSO) as part of a wider information security management system.

Obtaining certification for data processing can help SMEs to:

• Have a competitive advantage
• Be more transparent and accountable
• Create effective safeguards to mitigate the risk around data processing and the rights and freedoms of individuals
• Improve standards by establishing best practice
• Mitigate against enforcement action.

The benefit of certification via an information security management system (ISMS) is that SMEs can take advantage of the expertise of online cyber security consultants at a fraction of the cost of a full time in-house security specialist or a team of consultants. The process can be broken down into a set of discrete actions providing an easy to follow, staged approach to compliance. By taking away much of the time consuming administrative burden, a VOSO frees up management to focus on policies, procedures and employee training to create an aware and compliant culture.

The processes necessary for GDPR compliance can deliver many commercial advantages; after all, data is the lifeblood of any organisation. By taking a proactive stance towards GDPR, SMEs can take control of their data and engage with customers and prospects on a deeper and more personalised level. SMEs that treat GDPR as a box ticking exercise are missing the wider opportunity to demonstrate trust and confidence with their target audience – their customers.

Joe Collinwood is CEO of Cysure.net

Blog - October, London, UK

How safe is your business? - 5 Steps to Cyber Security

Getting organised with an information security management system (ISMS) goes a long way to preventing data loss and fines. Joe Collinwood, CEO at CySure explains how.

With new threats appearing daily, cyber security is becoming increasingly important and complex, yet many business owners don’t have the bandwidth to take the trend seriously. Most news stories have focused on security breaches in large organisations; however, all businesses are vulnerable to security threats, especially if they lack the resources and expertise to implement operational and risk management policies. Cyber criminals are preying on this lack of expertise and target medium sized enterprises as they are easy victims and can be used as a backdoor to larger companies.

The Cyber security breaches survey 2017 conducted by Ipsos Mori on behalf of the UK Government revealed that 52% of small businesses identified a cyber breach or attack in the past 12 months. The most common types of breaches identified were related to staff receiving fraudulent emails (72%), followed by viruses, spyware and malware (33%), people impersonating the organisation in emails or online (27%) and ransomware (17%). For companies with limited budgets, cyber security can be a tricky job; however, getting “your ducks in a row” with an information security management system is a good place to start.

Here are 5 Steps to Cyber Security:
1. Leadership is vital – cyber security starts at the top of the organisation. If management leads by example, taking an active approach to the mitigation of cyber risk, this attitude will prevail throughout the organisation. Understandably, leaders are often focused on building their business and not inwardly looking at complex organisational policies. However, adopting a systematic approach to processes and procedures, promoted by a virtual online security officer as part of an information security management system, takes away much of the time-consuming administration burden.

Organisations that cannot afford a full-time in-house security specialist can use an online service to guide them through the complex, emerging safety procedures and protocols to improve their online security and reduce the risk of cyber threats.

2. Education and awareness training – as revealed in the Cyber security breaches survey 2017, phishing emails and malware are the two biggest threats to organisations. Both of these exploit human behaviour so it’s vital that staff are trained to recognise the threat and respond appropriately.

Similarly, accidental breaches, privilege misuse and data loss are all the result of employees not understanding their information security obligations. Educating staff on the ways they could put data at risk helps organisations turn one of their biggest vulnerabilities (people) into an area of strength.

3. Identify your risks - a risk assessment is one of the first tasks an organisation should complete when preparing its cyber security programme. Identifying the risks that can affect the confidentiality, integrity and availability of information is a time consuming process. However, by identifying threats and vulnerabilities organisations can take steps to mitigate by prioritising which risks need to be addressed in which order. Without an assessment, organisations may miss vulnerabilities or waste time, effort and resources addressing events that are unlikely to occur or won’t cause significant damage.

4. Regular reviews – policies and procedures are the documents that establish an organisation’s rules for handling data. Policies provide a broad outline of the organisation’s principles, whereas procedures detail how, what and when things should be done. Together they provide a framework of do’s and don’ts for the organisation’s workforce on how data should be managed, and train employees to offset social engineering campaigns that are one of the main causes of a data breach.

A good information security management system will provide policies and procedures that ensure regular reviews are conducted with all employees to ensure they are up to date and policies remain effective. If a procedure isn’t working, it needs to be rewritten.

5. The wonders of a dashboard – assessing progress and monitoring improvements is essential to maintaining an organisation’s security posture. A dashboard simplifies the process by providing a central location for all plans, policies, best practice advice and employee training information. Good dashboard software should guide companies through complex safety procedures and protocols, display compliance progress against selected standards including GDPR as well as online security training videos for continual staff training. A visual traffic light system soon lets business leaders know just how well prepared their organisation is to prevent a data breach or cyber attack.

It’s time for companies to act

By underestimating the true impact a cyber attack can have on their reputation and the disruption caused while management remediate the situation, businesses are putting themselves at significant commercial risk. Now more than ever it is essential to take action and reduce the risk of cyber threats. Without adequate protection they are risking their future business growth and development.

Managing risk from inside the organisation is vital and relies upon the application of a consistent set of policies and processes, backed up by continual employee training. By utilising an information security management system that incorporates leading cyber security standards, companies can benefit from the expertise of online cyber security consultants at a fraction of the cost, enabling them to create robust, best-practice policies to help keep their organisations safe.

Joe Collinwood is CEO of Cysure.net

News Release - 28 September 2018, London UK

CySure announces availability of Virtual Online Security Officer (VOSO) on G-Cloud 10 Digital Marketplace

Security component of GDPR added to further protect public sector organisations against cybercrime

Cyber security specialist CySure Ltd has announced that its Virtual Online Security Officer (VOSO) has been accepted onto the Government’s G-Cloud 10 digital marketplace. With the latest iteration of the G-Cloud framework, CySure has extended the proven capabilities of the company’s VOSO online solution to protect organisations against the growing threat of cybercrime. It has mapped the security component of the General Data Protection Regulation (GDPR) into VOSO, providing an easy to follow, staged approach to GDPR along with all the policies and training videos necessary to complete the compliance process.

Organisations today, particularly those in the government and public sector, operate in a constantly changing environment where cybercrime is a real threat. Latest statistics from the Department for Digital, Culture, Media & Sport reveal that four in ten businesses and two in ten charities have experienced a cyber security breach or attack in the last 12 months. However, only 27% of businesses and 21% of charities have a formal cyber security policy or set of policies in place.

Joe Collinwood, Chief Executive Officer of CySure said, “Research from GCHQ reveals that 80% of cyber-attacks are easily prevented when staff are trained regularly, and the right policies are in place. Managing risk from inside the organisation is vital and relies upon a consistent, dynamic process with continual training. Our VOSO solution interprets government and industry security standards in simple terms and outlines the steps to take to protect online equipment and stored data at the fraction of the cost of a human counterpart. We are delighted that VOSO has been accepted onto the government’s G-Cloud framework, the go-to place for trusted technology solutions from suppliers that are thoroughly vetted, can demonstrate clear ways of working and transparent pricing. Our customers in the public sector can depend on our expertise to create a robust, best-practice formula to help keep their organisations safe.”

CySure’s simple-to-use, web-based Virtual Online Security Officer incorporates a comprehensive range of features such as remote monitoring and secure configuration of all networked devices, asset mapping, vulnerability scanning and patching, dashboards to display compliance progress against selected standards including GDPR, as well as online security training videos for continual staff training. Costing £1 per user per month, VOSO reduces the requirement for expensive in-house cyber security consultants or compliance officers, mitigates the risk of lawsuits and regulatory fines and ensures employees are trained regularly and kept informed of the latest cyber security updates.

News Release - 24th September 2018, London UK

CySure appoints Renaissance Contingency Services as new security and compliance distributor in Ireland

New partners co-host webinar on Cyber Security, GDPR and Local Government on 20 September 2018

Cyber security specialist CySure Ltd has signed up Renaissance Contingency Services as the company’s first distributor in Ireland. The Dublin-based IT security and compliance experts will resell CySure’s information security management system, Virtual Online Security Officer (VOSO). The agreement with Renaissance further extends Cysure’s international network of partners across the Republic of Ireland, South Africa, the USA and the UK.

Michael Conway, Director at Renaissance Contingency Services said, “Every day, networks and businesses are being attacked by cyber criminals and we need to work alongside partners we can trust to guide organisations through today’s complex security and compliance landscape. We selected CySure after evaluating the marketplace for a solution that would allow our partners and their customers to manage and demonstrate their compliance with the General Data Protection Regulation (GDPR) simply and effectively. When combined with our 30-year track record in the industry, we can jointly offer the depth and strength of solutions and advice our partners need to grow their business while protecting themselves and their customers against the constant threat of cyber attacks.”

CySure has been accepted onto the UK Government’s G-Cloud 10 digital marketplace. As part of that process the security component of the GDPR was mapped into VOSO, providing an easy to follow, staged approach to GDPR along with all the policies and training videos necessary to complete the compliance process.

Joe Collinwood, Chief Executive Officer of CySure added, “As Ireland’s premier IT security distributor and leading business continuity consultancy provider, Renaissance has an enviable reputation for delivering a robust set of solutions. According to GCHQ research 80% of cyber attacks are preventable when staff are trained regularly and the right policies are in place. VOSO is a complete information security management system which interprets government and industry standards to ensure the right steps are taken to keep data secure and organisations compliant. This new partnership provides the potential for CySure and the IT channel to create a powerful valuable proposition to keep Irish public sector organisations safe and secure.”

On 20th September, CySure and Renaissance will co-host a 45-minute webinar entitled “Cyber Security, GDPR and Local Government”. During this interactive tutorial, attendees will learn about the main areas that make public sector organisations vulnerable to attack such as staff and contractor changes, human error and weak internal processes. They will also take away some simple, inexpensive ideas to facilitate their own path to GDPR compliance including the need for continual process monitoring; knowing when to engage external consultants to plug in knowledge and skills gaps while containing costs and a deeper understanding of executive legal responsibilities. To register for the webinar visit https://cysure.net/events

For more information on CySure and its full suite of services, visit www.cysure.net. For more information about Renaissance Contingency Services, visit www.renaissance.ie

News Release - May 2018, London, England

CySure is excited to announce the launch of VOSO, CySure's Virtual Online Security Officer.

CySure's SaaS-based VOSO is a unique, pragmatic and affordable solution for SMBs in the fight against cybercrime.

Founded in 2015, CySure's VOSO is being launched after two years in development.

Joe Collinwood, CySure's CEO and co-founder, says, "Protecting a small business from cybercrime is now an urgent issue for the economy. We recognize the typical SMB is already stretched beyond capacity and is struggling to deal with cybersecurity. The arrival of CySure means SMBs can protect themselves the same as a large corporation might, but at a fraction of the cost it normally takes."

CySure has recently completed several field tests and installations with early adopters to demonstrate the effectiveness of VOSO for SMBs. CySure is now available in both the UK and the United States.

CySure believes VOSO is set to become the standard for executing a continual cybersecurity process allowing senior executives to easily monitor and oversee a cyber risk mitigation strategy.

What SMBs need is a simple and inexpensive way to create, implement and enforce cybersecurity policies and procedures with the minimum of resources.

The advantage over competitors is that CySure's SaaS VOSO is inexpensive, makes it easy to implement standards-based security policies and procedures, quickly builds a breach response plan, and paves the way for cyber insurance optimization.

The ransomware program WannaCry that recently attacked computers in more than 150 countries has left small and medium-sized businesses scratching their heads and wondering what to do to protect themselves. The Government offers little practical help for the smaller enterprise. Virus checkers, anti-malware software and firewalls afford only so much safety. The heart of the problem of risk mitigation is not technology but human behavior.

CySure's approach is to take complex Government standards such as NIST and Cyber Essentials and deploy a Virtual Online Security Officer that automatically translates the selected standard into a simple-to-follow solution containing the related policies for the business owner. The service guides executives to the parts of their company's cybersecurity plan that need attention and translates this information into clear, actionable steps. The VOSO continues to monitor a company's performance against the selected standard.

CySure's VOSO allows leadership to understand what to focus on to successfully guard against 80% of all cyber-attacks. CySure understands that some breaches cannot be prevented, so CySure complements their solution with a breach response plan and optimized insurance.

CySure's VOSO creates an audit trail that enables senior executives to easily demonstrate adherence to the highest government standards and that management is discharging its fiduciary responsibility to protect the assets of their company.

CySure believes many SMBs are struggling either to become HIPAA compliant or maintain that accreditation as well as become cyber secure. As a result, CySure plans to initially market its product in highly regulated industries where HIPAA compliance is mandatory as Cyber Essentials and HIPAA share many similar requirements.

CySure is a start-up with headquarters located in Fair Oaks, California and an office in London.

  CySure's website is www.cysure.net

CONTACT
  Richard Hankins
  info@cysure.net
  020 3900 3300