How to find the right cyber security package for a small business - Business Leader News

2022-06-03 22:30:41 By : Mr. Kevin Luo


In this guest article, Bleddyn-Aled Wyke, Cyber Operations Executive at PureCyber, provides a useful guide to small businesses in search of a cyber security package for their company.

Cyber security has become a hot topic over the last few years, ousted from dusty IT offices and server rooms into the limelight, for better or for worse. Awareness of the prevalence of threat actors (hackers to you and me) continues to grow, as companies large and small bear the brunt of cyber-attacks costing into the millions, bringing businesses and infrastructure to a sharp standstill.

However, cyber-attacks are not always initiated by hooded figures in dark rooms, or alienated employees exfiltrating your valuable data and hawking it to the highest bidder in dark corners of the internet. Sometimes, it can be purely accidental: a lost laptop or flash drive on a crowded train picked up by the wrong person, leaving valuable company data or Personally Identifiable Information (PII) regarding employees or customers open for the wrong eyes to see.

A loss of PII can bring the wrath of governing bodies such as the Information Commissioner’s Office (ICO) with eye-watering fines being issued if due care and diligence have not been taken to prevent such issues. In 2018, Heathrow Airport was issued a £120,000 fine by the ICO due to a member of staff losing one USB stick containing PII. This device was not secured or encrypted, affording unrestricted access to over 1,000 private files. Whilst this is by no means an insubstantial amount, penalties can greatly exceed this, with fines into the millions being issued by the ICO alone.

Large multinational organisations with the resources to install dedicated teams in-house actively monitoring and defending against threats can still fall victim to cyber-attacks, so where does a smaller team start?

Regardless of your knowledge of the subject, an audit of existing processes and systems can be a fantastic initial step, providing an analysis of where you are and where you need to be, from which you can prioritise where to start. There are multiple schemes and frameworks put in place by government and international standardisation bodies to help prepare and educate organisations, regardless of size, against cyber-attacks. These often scale up in stringency as you progress, and it is up to each business to decide how far it wishes to go, depending on factors such as potential growth and the value of the data processed.

One example is the NCSC-backed Cyber Essentials scheme, which offers a starting point for businesses both small and large looking to assess their cyber literacy. This starts with the self-assessed Cyber Essentials certification, probing into both technical and process-based questions which are later externally verified, helping to promote awareness of common issues and vulnerabilities.

From here a business can move on to Cyber Essentials Plus, which pushes this further with the addition of a technical audit, verifying that the previously established Cyber Essentials controls are in place and working effectively. With these completed, a business can move on to more advanced certifications or frameworks, such as IASME and ISO 27001. These delve into the subjects already touched on, and also cover aspects of governance, such as the management of risk and business continuity. It is up to the business to decide how deep it wishes to go.

Eliminating the threat of cyber-attacks is no small feat: new exploits are constantly being discovered, and new attacks and threat actors are popping up all the time. However, with the right policies and procedures, you can bring appropriate security measures and knowledge to your business, helping to curtail the threat faced today by businesses of all shapes and sizes.
