Helping businesses reduce their risk exposure to cyber attack involves improvements to people, processes and technology. A comprehensive approach in all these areas is vital to improving cyber resilience.
1. People – cyber is all about people, so educating and training staff is essential. This includes ongoing and repeated cyber security refresher training, which many businesses do not provide for their staff. Threats and tactics are changing very frequently, so staff need to be equipped with the latest knowledge. Your staff are not the weakest link, make them the strongest link in your battle against cyber
2. Processes – information assurance (IA) is the collection of policies and processes, often in an Information Security Management System (ISMS) such as ISO 27001. An entry level for SMEs is the Cyber Essentials Scheme standard, which many Worcestershire businesses now have certification for
3. Technology – the IT hardware, software, laptops, tablets and mobile phones that all need continually monitoring, updating and testing. Buying the right products, and setting them up properly is key to being resilient
4. Testing – security testing (penetration test which is an ‘ethical hack’), and software testing is vital to ensuring that new vulnerabilities are not inadvertently introduced to the business, which hackers can find and then exploit. The main problem we see is an utter disregard for testing and acceptance processes. Spending more time, money and effort here will reduce cyber risk massively
5. Scanning & Monitoring – running regular vulnerability scans on your infrastructure will find holes and vulnerabilities, which need patching and fixing. Monitoring – are you winning or losing the cyber battle, or do you simply not know? Managed Cyber Security Services allow regular scanning and monitoring of your entire business
Cyber Security Support Programme
Worcestershire County Council, in partnership with the local Districts Councils and European Regional Development Fund 2014 – 2020, offer a new programme of support called Be Cyber Secure. A consortium has been appointed led by borwell, supported by the National Cyber Skills Centre and the University of Worcester.
The consortium are delivering a bespoke programme of Cyber Security support to Worcestershire SMEs. Depending on the current cyber security status of the SME, the support may follow one of three pathways and could lead to a recognised Cyber Security accreditation such as Cyber Essentials Scheme or ISO 27001.
A matched funded grant of up to £20,000, managed by the County Council, is available to assist with the implementation of improvements to systems and processes.
To enrol onto the cyber support programme or directly for the grant please contact the Worcestershire Business Central team on 01905 677888 or firstname.lastname@example.org.