CYAN joins the Techies Go Green Movement

CYAN Solutions Ltd, today announces that it has joined Techies Go Green, a movement of IT and tech-oriented companies who are committed to decarbonising their businesses.


CYAN
 joins the community of organisations who are aiming to become carbon-neutral by 2030 at the latest. Techies Go Green enables each member to purposefully improve their energy efficiency by collaborating and sharing practical know-how.

Started by IT distributor DataSolutions, more than 200 companies have signed up to the initiative to date.

Glyn Cheesman, IT Security & Operations Director of CYAN, said: “I’m delighted that CYAN are a signatory of Techies Go Green and part of the movement of tech-oriented companies who are committed to decarbonising their businesses”.

“The Techies Go Green movement aligns perfectly with CYAN Sustainability Pledge™ which demonstrates our commitment on the way we operate as a business, the due diligence we carry out on selecting the underlying technologies we use, and the systems and processes we have in place for protecting the environment.”


Michael O’Hara, Techies Go Green co-founder said: “We are delighted that CYAN has joined Techies Go Green – an important initiative which aims to benefit companies, people and the planet.


“It is vital that every business takes responsibility, sets targets and reduces their environmental impact on the earth. Techies Go Green is designed to support this, share ideas and make a sustainable difference.” To learn more about or become a signatory with Techies Go Green, visit Techies Go Green.

  
Find out how your technology can impact your business growth and deliver success


Take our complimentary Technology Assessment Scorecard to find out how your IT and Business Technology are performing and get an expert professional perspective on how you can improve it to better support both your current business performance and your future business growth potential.
 
 

A Year in Review

In the 12 months of 2022 CYAN gave to you...

January

CYAN begins its journey to join an elite group of IT service providers around the world who are ISO/IEC 20000 accredited, the International Standard for IT Service Management.

 

George, our apprentice, joins #teamCYAN. Look out for an update on George and his first year at CYAN coming soon!

February

CYAN were delighted to announce Glyn Cheesman as our Director of IT Security & Operations.

 

#teamCYAN completed a virtual walking challenge from Lands End to John O’Groats, a total of 1,215 miles!

 

CYAN starts COWS (CYAN Open Water Swimmers); Open water swimming improves mood, increases positivity and importantly maintains wellbeing and happiness! We have some very happy COWS!

March

It was a busy month here at CYAN; a big shout out to #teamCYAN for passing their exams and accreditations!

 

Alex – Microsoft Azure Administrator (AZ-104)

Jon – Azure Fundamentals (AZ-900)

John – MS-100 Microsoft 365 Identity and Services

Tom – Azure Fundamentals (AZ-900).

Amy – AAT Final Accounts Preparation (Towards the Advanced Diploma in Accounting).

Andy – Management Essentials

Toby – Azure Fundamentals (AZ-900)

April

CYAN Sustainability Pledge – CYAN partners with Ecologi to make regular contributions to help tackle the climate crisis!

May

It was that time of year again when #teamCYAN, with their 4 legged furiends, took part in the Muddy Dog Challenge raising funds for Battersea Cats & Dogs Home!

June

Here at CYAN we were delighted to announce we once again passed our ISO27001 accreditation with flying colours.

 

CYAN became an accredited Living Wage Employer.

 

We recoginsed a CYANniversary, our Business Support Manager, Clare Bond celebrated a decade @teamCYAN!

July

CYAN celebrated its 18th Birthday, Happy Birthday CYAN!

 

It also saw #teamCYAN finally let their hair down and enjoy a slightly delayed 2021 Christmas party!

August

CYAN becomes a Techies Go Green Signatory – a movement of IT and tech-oriented companies who are committed to decarbonising their businesses.

September

Our MD, Simon Bond, was invited to speak at the Entrepreneur Club Business Owners Event at St. James’s Place in London! Topics included exloring options to grow your business, breaking through the barriers that constrain your business, gaining access to funding and selling your business for the greatest possible value.

 

September saw the launch of our new website! New website. Same amazing team. Same unmatched service! If you haven’t already, please go and take a look… we are rather pleased with the new look CYAN!

 

October

CYAN achieves IASME Certification demonstating our committment to information and cyber security.

 

CYAN successfully passes its first of two external surveillance audits for achieving ISO/IEC 20000 – IT Service Management accreditation.

November

CYAN sucessfully renews its Cyber Essentials Plus certification for the fourth year running!

December

When CYAN first embarked on helping tackle the climate crisis…we set targets we felt we wanted to achieve in our first year. Its only 9 months since partnering with Ecologi and we are really proud to announce we’ve already hit those targets!

From all of us here at CYAN, we’d like to say thank you for your continued loyalty and support! It has been a pleasure to support you this year.


We’d like to wish you and your family a very happy hoiliday season, and we hope 2023 is full of joy and success for you.

cyan solutions

New website. Same amazing team. Same unmatched service.

Welcome to our first blog on our brand-new website!

As with any successful business, we never rest on our laurels and whilst we have continued to be flat out delivering “top, friendly, professional” service to our clients (their words, not ours!), we did decide it was time to revamp and refresh some aspects of our marketing and messaging.

Like all businesses, we’ve probably learnt more about the value of resilience and adaptability over the last two years than we have in the preceding decade.

However, we are fortunate to operate in a sector that lent itself to coping with the restrictions of the pandemic better than many others.

What became apparent was that many client businesses utilised some of their enforced downtime to invest in their IT and business technology to be better prepared for when their own customer base was allowed to return to normal business.

Most successful, forward-looking businesses realise it is no longer sufficient to have “adequate” business technology. If they want to get ahead of their competitors and offer their best possible service to their customers, they need secure, robust, seamless systems that have the headroom to cope with expansion.

They need uninterrupted scalability, not to mention the ability to switch smoothly to a quality IT service provider in the first place.

We find that most businesses who come to us, do so because they are experiencing one or more of the following issues:

PRODUCTIVITY

Their workforce was spending too much time trying to resolve – or waiting for their IT support people to resolve- a technology issue that was preventing them from doing their core job effectively. This results not just in wasted productivity, but also damages morale and focus and seriously reduces job satisfaction.

TRANSFORMATION

A lot of companies do not have sufficient clarity to know which business technologies they should be adopting, let alone how to integrate them efficiently into their existing work practices or how to train their personnel to utilise them. These companies are allowing their more technically savvy competitors to gain an advantage., e.g., through enabling effective hybrid working etc.

SECURITY

Cyber Security has steadily risen to the top of the agenda for many companies as the industrialisation of cyber-crime has grown inexorably. What is now simply a normal part of organised crime has become an unfortunate daily reality for millions of businesses across the world. Hacking and ransomware attacks are ubiquitous and unfortunately, many businesses approach us after they’ve experienced a security breach, whereas we would much rather they were already clients and had been protected from that breach occurring.

We don’t need to tell you that there are tens of thousands of IT consultancies out there, all vying for your business.

However, we wanted to use our updated messaging to try to crystallise and convey what makes us stand out, at least in the opinion of the hundreds of clients we’ve delighted and satisfied since 2004.

So here are some of the key differentiators that have attracted and kept so many happy clients over the years:

  • We are a certified Microsoft Gold Partner across multiple competencies. This puts us in the Top 1% of Microsoft Partners worldwide
  • We are a dedicated team of 23 in-house professionals with a vast collective experience across the full spectrum of IT and Business Technology services.
  • We are a real, physical company of people, many of whom have worked together for many years, not a disparate group of remote workers
  • As can be seen from our accreditations, we pride ourselves on keeping our training up to date and to the highest standards, an essential aspect of any successful company in our always rapidly evolving sector
  • Crucially, we have carefully honed and developed our proprietary CYAN Technology Program™ over the years to consistently provide the ultimate in thorough, efficient, and excellent professional IT and business technology support. It is a tried, tested and proven program, always tailored to each client
  • We make Sustainability a core value. Of ever-increasing importance in the modern business world, we ensure all our services are delivered with sustainability at the top of the agenda.
  • We guarantee that moving from your existing service provider to CYAN will be a simple and painless process with limited to no disruption to the operations of your business with The CYAN Easy Switch Promise™

So, please take a few minutes to browse through our new website and then if you like the sound of a team of technology experts who are driven by a passion for empowering business with the best that IT can deliver, get in touch.

Believe us when we say six months from now, you’ll wish you’d taken this approach years ago, as so many clients have told us!

Industry News Roundup December 2020

Wrapping up the year, we’ve got: a new study showing working from home cybersecurity vulnerabilities; spreading awareness of a nasty malware campaign targeting browsers; and announcements from Microsoft Teams. 

Cybersecurity Risks Threaten 2 in 5 Brits Working From Home 

Coronavirus forced many businesses into remote working during the pandemic, but how are UK businesses handling cybersecurity risks?  

new survey from Internet Service Provider and web-host Fasthosts reveals that 2 in 5 Brits are at risk of cyber-attacks while working from home due to a lack of cybersecurity knowledge, over half of Brits dont use a VPN, and a quarter of Brits have had household members come into contact with confidential data.  

This data highlights the importance of taking cybersecurity measures with work-from-home employees and protecting personal and company data through the use of VPNs, awareness of scams, data backups, virus protection software, and security best practices 

Read the full report over on Fasthosts’ blog. 

Persistent Malware Campaign” Targets Major Browsers  

Data from the Microsoft 365 Defender Research Team revealed a widespread malware campaign that can affect multiple browsers. The browser modifiers, dubbed Adrozek,”  inject harmful ads into search results, add browser extensions, and change browser settings against the users will. 

Affected browsers include Microsoft Edge, Google Chrome, Mozilla Firefox, and Yandex Browser. The multi-browser reach indicates a level of sophistication different from previous browser-modifier malware campaigns which typically target a single browser. Microsoft urges personal and business users to defend against malware infections and stay informed, alert, and cautious.  

For an in-depth look at the malwares problems and Microsofts tips for preventing infection, visit the Microsoft blog. 

Microsoft Teams Outlook Integration

Microsoft has announced that in March 2021, Teams will receive an update enabling Outlook integration. Outlook on the web and for Windows will allow sharing email conversations and attachments to Teams, and Outlook for iOS and Android will allow starting a chat in Team with email recipients.  

The feature, which should be useful for business users, especially when conducting internal meetings, should help to provide a productivity and efficiency boost amid remote working. 

Head to Microsofts website to view the Microsoft 365 Roadmap. 

Industry News Roundup August 2020

We aim to keep on top of all the latest IT developments here at Cyan, and like to make sure our customers are kept in the loop as well.  Each month we round up the most relevant and newsworthy information from around the internet, and deliver it straight to you in simple terms that doesn’t skimp on details. This time, we’re talking cyber security as Microsoft Office allows phishing simulations and there’s an eye-opening look at cyber-attacks during the pandemic.

Microsoft Research shows Uptake in Digital Cyber Security

The Covid-19 crisis and lockdown period plunged businesses across the globe into chaos, forcing companies to quickly look more closely at their cyber security measures. New data from tech giant Microsoft recently released showed that the pandemic caused a huge 58% of businesses surveyed to increase their security budgets, while an even bigger 82% expressed an interest in hiring security staff in the future.

The report also released details on the most popular security measures adopted during the pandemic. 20% of businesses had invested in multi-factor authentication (MFA), while endpoint device protections came in second at 17%.

Check out the full report on the Microsoft blog.

Microsoft Office Enables Phishing Simulations

Phishing emails are the kind of nightmare you want to stop before they’ve even started. Which is why we’ve welcomed the news this month that Microsoft has added an attack simulator to their Office 365 package.

Users who have signed up for the Office 365 Advanced Threat Protection (ATP) Plan 2 will soon be able to run imaginary scenarios on spear phishing, password spray, and brute force attack to test their employee’s responses. Phishing emails remain one of the main forms of cyber attack, and are often easy to miss, which is why Security Awareness Training is a security-must.

For more information, head over to the Microsoft website.

SMEs at Increased Risk of Cyber Attacks

Small businesses already have it tough enough, but a report from global recruiter Robert Walters has uncovered some worrying statistics regarding SMEs and cyber crime.

The report, carried out in collaboration with data provider Vacancysoft, showed that there are around 65,000 cyber security attacks on SMEs every day, and at least 4,500 of those end up being successful. Data breaches can cost companies vast amounts of money, data showed, with each attack having the potential to cause £2.48m worth of damage.

To read the full report, head over to the Robert Walters website.

Industry News for July 2020: Remote Working

We aim to keep on top of all the latest IT developments here at Cyan and like to make sure our customers are kept in the loop as well.  Each month we round up the most relevant and newsworthy information from around the internet and deliver it straight to you in simple terms that don’t skimp on details. This time, we’re talking remote working; there’s new tools, new rules, and an interesting survey from Lenovo to check out.

Study Finds Productivity Increase in Remote Workers

Tech giant Lenovo released the findings from a recent study this month into how employees across the globe are adjusting to remote working conditions.

Titled ‘Technology and the Evolving World of Work’, the study surveyed 20,000 newly remote workers from various industries and organisations across the globe – and uncovered some interesting results. Overall, remote working seems to be winning a lot of fans. A huge 63% of people reported that they felt more productive at home, and 52% hope to continue doing so. Respondents were excited about the future of technology, with over 75% saying they were looking forward to engaging with 5G, AI, and Machine Learning.

There were some concerns, though. Top challenges were identified as a reduced personal connection with co-workers, and difficulty in working collaboratively. Security was an issue, too, with a massive 72% of people worrying about personal data breaches on their work devices.

You can check out the full report over on the Lenovo website.

NCSC Launches Remote Working Test Tool for Small Businesses

The National Cyber Security Centre (NCSC) added an exercise for home and remote working to their Exercise in a Box toolkit this month. The move came in a bid to help small and medium-sized businesses test their security levels after employees found themselves suddenly working away from the office.

Launched last year, Exercise in a Box is a kind of ‘cyber fire-drill’ which sets role-play exercises and allows companies to refine their responses to cyber attacks. Home and Remote Working is the tenth exercise in the series, and focuses on helping to reduce the risk of data compromise while staff are working from home. Three key areas are covered; accessing networks safely, secure employee collaboration, and remote management of cyber incidents.

You can read more, or sign up for Exercise in Box over on the NCSC website.

Vodafone Launches Support Platform for SME

It’s been a good month for small and medium-sized businesses with regards to technology and IT. Vodafone has teamed up with entrepreneur Piers Linney to launch their new platform V-Hub, which aims to boost business owners’ digital skills and allow them to work more efficiently.

V-Hub has been designed to be super easy to use, with three segments:

  • Remote Working focuses on working collaboratively and boosting staff wellbeing
  • Digital Security concentrates on cyber protection for SME and staying safe online
  • Digital Enablement goes into detail on how businesses can boost their online presence and branch into eCommerce

The free guidance comes at a great time, as many small and medium-sized businesses continue to struggle through the effects of Covid-19. To find out more about V-Hub, or to listen to the small business podcast, head over to the Vodafone website.

Have You Considered These Risks to Your Business?

The dangers of cyber risks and threats to a business aren’t at the top of the agenda for many small and medium sized companies, but they should be. In recent years, the increase in high-profile data breaches has increased dramatically, and affected millions of people globally.

And because of the increasing commonality of these threats, society is becoming somewhat desensitised to the alarming numbers of risks that affect thousands of large-scale corporations that hold masses of personal information.

It’s often reported that big businesses are hit all the time. For example, Facebook, Tesco Bank, Talk Talk, Travelex and Three Mobile are recent prime examples. It can be forgiven to think that start-ups and small businesses are less of a target, but the reality is that no business, big or small, is 100% safe in the current climate. In fact, International Data Corporation (IDC) recently revealed that approximately 71% of data breaches are now targeted at small businesses.

What is a Risk and what is a Threat?

Before you strategically plan how to prevent your business from being affected by cyber-attacks, it’s essential to understand the difference between a risk and a threat.

Risks are business issues with technical aspects that impact, and is impacted by, all areas of the organisation. The risk element is the potential for uncontrolled loss of something of value, so in the case of data, this would include sensitive information or programs, for example.

A threat can be both unintentional and intentional, targeted or non-targeted attack. A threat can come from a variety of sources, including foreign nations engaged in espionage and information warfare, criminals, hackers, scammers and even disgruntled employees and contractors working within an organisation.

In a nutshell, a risk means the potential for loss, damage or destruction of an asset due to a threat exploiting a vulnerability. While on the other hand, a threat is what we’re trying to protect against. This can be in the form of vulnerability, weaknesses or gaps in a security program that can be exploited by threats to gain unauthorised access to an asset.

In most cases, small and medium sized businesses will deploy several technical defences such as Firewalls and Anti-virus software to protect their organisation from such threats. While these technical defences help protect the business, additional steps do need to be taken.

These additional steps are often forgotten about or not considered as they aren’t seen as technologically positioned, but they are a critical starting point for reducing the overall risk to the organisation. These additional steps include:

Leadership

In all organisations, information security needs to be driven from the top down. Most information security initiatives will fail without the support and sponsorship from the Board. The information security strategy needs to align with the business strategy and objectives to ensure the business is doing all it can to prevent serious attacks.

Behaviours and Culture

Information security isn’t just about technology, people also play a critical role. Everyone in the organisations plays an active role in information security and should be tooled with the knowledge on what to do and what not to when faced with a cyber risk or threat.

Asset Management

The organisation should maintain an up to date asset register of hardware and software in use within the business. Each asset should be assigned an owner and a level of criticality. As the saying goes, “you can’t protect what you don’t know you have”.

How can I mitigate these Risks and Threats?

Leadership

Leaders of any organisation, big or small, must have support from the Board or whoever is the ultimate decision-maker and change-enforcer of the business. First and foremost, it can be beneficial to become Cyber Essentials accredited. Cyber Essentials helps guard you against the most common cyber threats and demonstrate your commitment to cybersecurity.

A business must align the information security strategy with the business strategy and objectives, ensuring that this is communicated with all employees. To get started and equip you with the tools, the National Cyber Security Centre (NCSC) offers a comprehensive toolkit designed to encourage essential cybersecurity discussions between the Board and their technical experts. They also provide a free service called ‘Exercise in a Box’ which can help determine how resilient a business is to a cyber-attack.

Behaviours and Culture

The practical implementation of a measurable security awareness program can be incredibly beneficial in mitigating cyber risks and threats within a business. A security awareness program should include security news on the latest threats, information posters and regular employee training to enable your employees to detect threats within the business. What’s pivotal to employee security awareness is that they everyone within the business, no matter job role, should be trained on who to report any security threats and suspicious behaviour to.

Asset Management

Asset management is vitally important. Every piece of hardware and software that’s used within your business must be accounted for. If not already in place, the first thing to do is to create an asset register of all hardware and software within the business. Use the register to prioritise the implementation of security controls, starting with the most critical assets first.

How can CYAN help your business?

When it comes to the cyber safety of your business, it’s our number one priority. When you choose Cyan, we follow steps to ensure your business is safe against the ever-growing cyber risks and threats. Here’s how:

  • We start by understanding your business
  • We assess the security maturity of your people, processes and technology
  • We identify risks and provide recommendations
  • We can create and implement a security strategy to reduce risk within your organisation
  • We can provide and manage the latest technology to secure your company assets
  • We can provide the platform and expertise to deliver a security-aware business

For more information on how we can help secure your assets and data, get in touch.

Cyan Approved to Join NCSC Cyber Information Security Partnership (CiSP)

Cyber threats are at an all-time high, and as cybercriminals become increasingly sophisticated and threats continue to rise, organisations across the globe are becoming more and more susceptible to very serious potential cyber-attacks.

In recent years, a multitude of new and evolving cybersecurity threats have put businesses in varying industries on high alert. Increasingly complex cyber attacks involving malware, phishing, machine learning, artificial intelligence and cryptocurrency have placed the data and assets of many businesses at risk.

New Membership with CiSP

Because the safety of your information is at the forefront of everything we do, we are delighted to announce that we have been approved to join the National Cyber Security Centre (NCSC) Cyber Security Information Partnership (CiSP).

A cyber threat does not become a managed organisational risk until it is fully understood, and at Cyan, you can be guaranteed that we understand the significance of cyber risks and how to prevent them from creating a catastrophic outcome. Good situational awareness is key to managing cyber risks, and as an approved member of CiSP, we will have the full backing and regulated support to be able to ensure cyber threats to the businesses we support are significantly reduced.

In order for Cyan to have become a recognised member of CiSP, we have gone through a process of being vetted, and sponsored, which has led to us being successfully approved. Our sponsors is the highly regarded and skilled UK South East Regional Organised Crime Unit.

What Are the Benefits of CiSP To Your Business?

In recent years, there have been a number of notable attacks on both large and small-scale organisations, with some high-profile cases taking the limelight. A particular spate of cyber-attacks had detrimental effects on the political frontier, and more importantly, the government.

This particular incident was the 2017 attack on Managed IT Service Providers (MSP’s) that was conducted through popular platforms such as Gmail and Twitter (to name but a few) on which sensitive and confidential information was leaked. Following on from this targeted attack, the NCSC, which is part of the Government Communications Headquarters (GCHQ), recommended the following crucial advice to organisations who outsource their IT:

“Organisations who outsource IT infrastructure are recommended to have an open dialogue with their provider and to understand what model they use to manage your services. If their model is unsatisfactory, the organisation should demand that they change it immediately.”

The NCSC recommends that MSP’s who are unwilling to work closely with customers, or are reluctant to share information, should be treated with extreme caution. They also advise that having an independent audit of your MSP is critical for security management – “an organisation that neglects such monitoring is unlikely to ever be able to effectively manage the risk.”

This reinforces the importance of being a member of CiSP. We will get early warnings of cyber threats, such as the above, meaning we can manage and prevent an entire host of potential cyber threats from actually happening to the businesses we work with.

How Will Cyan Help My Business Benefit from CiSP?

As briefly touched upon above, there is a massive benefit to you in that Cyan will always be alerted of potential cyber threats, meaning that we can act fast and take preventative measures. Some other key benefits as detailed by CiSP are:

  1. Engagement with industry and government counterparts in a secure environment
  2. Early warning of cyber threats
  3. Ability to learn from experiences, mistakes, successes of other users and seek advice
  4. An improved ability to protect your company network
  5. Access to free network monitoring reports tailored to your organisations’ requirements

From the above list provided by CiSP, point 4 refers to Cert-UK Network Reporting Service (CNR). To be described in a nutshell, CNR is a free but intellectual service that can scan for any signs of potential network abuse events (such as cyber threats or potential attacks) and vulnerable network services. These searches are conducted on an organisation’s Internet-facing services so that all possible threats can be picked up and dealt with effectively. As we’re now a member of CiSP, we are able to offer this excellent and comprehensive network protection service to all of our valued existing and future clients.

Here to Serve You

By providing enterprise-class IT solutions and exceptional support to businesses, our professional team of IT specialists, consultants and advisors are passionate about cybercrime and ensuring that your business doesn’t face what many others have to.

We work closely in partnership with businesses like yours to deliver tailored technology solutions, provide expert advice, and above all, offer comprehensive IT support. The fact that we are now members of CiSP adds another string to our bow and will help us to serve your business with the utmost professionalism and industry understanding. To find out more about the services we offer or if you’d like to know more about our new membership with CiSP and what this means for your business, please get in touch.

What Is Cyber Insurance and Does My Business Need It?

Cyber-attacks are not a new phenomenon, but they are, unfortunately, on the rise. A cyber-attack on your business can be utterly detrimental, leaving computers and computer networks exposed, disabled, and even destroyed.

Due to the rise in cyber-attacks, cyber insurance (also referred to as cyber risk or cyber liability insurance) has become a hot topic in recent years, and it makes sense as it’s always better to prevent a cyber disaster than deal with the consequences. Cyber insurance pretty much does what it says on the tin; it’s a type of insurance for businesses that’s put in place for digital threats. With so many cyber threats affecting businesses, no wonder it has become a highly popular service for SMEs and businesses, large and small around the globe.

Should My Business Have Cyber Insurance?

In a nutshell, yes. Your business more than likely should have cyber insurance in place. However, it’s important to understand what it does and doesn’t cover.

What are the Benefits of Cyber Insurance?

As technology continues to become increasingly important for a business to operate successfully, the value and need of a robust cyber-insurance policy will continue to rise. No matter the size of your business, its location or industry, the technological nature of the modern-day world exposes vulnerable businesses to cyber-threats every single day.

A cyber-attack will not only threaten your finances and disrupt your operations, but it can also tarnish the reputation of your business. In order to protect your business from the devastating effects of a cyber-attack, it’s essential that you protect yourself with a strong cyber-insurance policy that covers all grounds.

10 of the most significant benefits of taking out cyber insurance are, but not limited to:

  1. Forensic support – When you have cyber insurance in place, forensic support provides your business with near-immediate around the clock support from cyber specialists following a data breach or hack. They will be able to confirm the impact of the breach and establish solutions.
  2. Consultancy fees – Your insurer may reimburse any costs of a consultant that has helped manage a response or solution to the incident.
  3. Interruption of business – If your business experiences an IT failure or cyber-attack that disrupts the operations of the business, your insurer may cover your loss of income during the interruption. In addition, increased costs to your business operations in the aftermath of a cyber-attack may also be covered.
  4. Privacy breach costs – A breach costs clause is a single clause that provides cover for security breach costs, such as notifying customers or recovering files.
  5. Privacy liability clause – A privacy liability clause provides cover for privacy infringement claims plus any legal costs in the event of a cyber breach. This is critical for all businesses that handle or store personal information in line with GDPR.
  6. Cyber extortion – A policy may cover your business if it’s infected by ransomware or other malicious software that attempts to seize control of or withhold access to operational or personal data until a ransom or fee is paid.
  7. Digital asset replacement expenses – In the event that your business’ digital assets are corrupted, lost, or altered in any way by a cyber-criminal, your policy may cover the costs incurred.
  8. Reputational damage – Your policy may recover lost profits directly attributable to cyber-attacks. Particularly those that have been detrimental to the reputation of the business and/or any of its employees.
  9. Management liability – Your policy may cover costs associated with defending senior management from cyber-attack fallout.
  10. Restoring data – After a massive security breach, your insurer can help to cover costs for restoring vital business data.

While there are many benefits to having cyber insurance in place, it’s equally important to understand what’s not included. For instance, if you’re using outdated or unsupported software or systems, many cyber insurance policies will not cover you.

Examples of this are using end of life operating systems such as Windows 7 or end of life equipment such as a Firewall that is no longer receiving firmware or security updates. However, when you do choose to take out cyber insurance, speak with the insurer about the terms and conditions and what potential breaches could affect your policy.

How Much Should I Expect to Pay for Cyber Insurance?

First and foremost, when it comes to buying the right cyber insurance for your business, what’s important to understand is what your business’ assets are worth. An example of an asset could be a laptop, workstation, server or database, and, more importantly, the information or data that it contains.

In most cases, a robust cyber insurance policy will cost in the region of £1000 per year. It’s also important to invest in training employees to recognise and react at the first signs of cyber compromise. Often, cyber insurance can create a false sense of security, so splitting your budget between a robust cyber security policy and trained and knowledgeable staff can strike the perfect balance.

Something to remember is that once you’ve taken out an insurance policy, you shouldn’t just leave it and get on with things. Your cyber insurance policy should be reviewed regularly and updated based on the continually evolving needs and current cyber-threat dangers directly related to your business. Above all, invest your budget wisely with a certain per cent in preventive controls with the leftover percentage invested in insurance.

What Level of Cover Do I Need?

The insurance policy requirements of every single business will differ based on a number of factors. But a good starting point would be to speak with different insurers to see what they can offer you. Things to consider include, but are not limited to:

  • The amount of sensitive information stored
  • Where sensitive or confidential information is stored
  • What measures would need to be taken if your business experienced a data breach
  • What the costs would be to replace the damaged software/hardware
  • Does your business have trained employees to mitigate the damage?
  • Does your business require the assistance of external security specialists?
  • Does your business have PR staff to deal with crisis management if a data breach occurred?

Answering the above questions and gathering as much information about your business as possible will help you get an idea of how much insurance coverage your business may require.

How to Pick the Right Insurance Provider?

It’s essential to shop around and speak to different providers, understanding what each can offer your business in times of crises. Word of mouth is the strongest form of marketing, so it may also be beneficial to speak with other industry professionals for recommendations.

At Cyan, we’ve got a great track record of helping small and medium-size businesses put the right cyber security measures in place. We can work with you to develop a strong cyber security policy document that will act as a protective umbrella for your business. We can also help audit and review any policy that you may already have in place to ensure that it is fit for purpose. Contact our expert team today to find out more.

What Is Ransomware and How Should I Protect My Business?

With more and more business transactions taking place online, it’s vital that you have the correct and preventative measures in place to protect your business from cyber-attacks. One form of cyber-attack that has been on the rise in recent year is ransomware. But what exactly is it?

Ransomware is malware that demands some form of payment from an individual or business in order to recover control of their computer or data. Most commonly, when it comes to personal attacks, the attacker will encrypt personal files on the victim’s computer in a way that means they cannot be opened unless the victim has access to the decryption key. Thus, access to the decryption key is what the attacker wants the victim to pay for. In other cases, such as in a business setting, the attacker may threaten to publicise or leak sensitive information that could be detrimental to business.

A Spike in Ransomware

Based on data from a report by California-based cybersecurity firm, SonicWall, findings revealed that in the first 6 months of 2019, ransomware was on the up. Here are some key findings:

  • Ransomware volume was up 15% globally
  • Encrypted threats spiked 76%
  • IoT malware attacks were up 55%
  • Malware attacks across non-standard ports dipped 13%
  • With bitcoin value spiking, crypto-jacking volumes were up 9%

What’s more worrying is that the firm reported; “The UK has been the biggest target for ransomware attacks for the first half of 2019 with the number rising 195%, as compared to the 59% reduction in attacks of the same kind in 2018, it has been claimed.”

They went on to say that “Almost half of all infected businesses in the UK now opt for paying the ransom.” This is the main reason that ransomware has spiked. In addition, with more businesses taking out cyber insurance, there is a higher chance that a business will just fall back on their cyber insurance policy and let their insurance provider pay-out, making ransomware a lucrative business for attackers.

High-Profile Attack

In recent cases of ransomware, Travelex is among one of the more high-profile cases. On New Year’s Eve 2019, hackers launched their attack on the Travelex network. As a result, the company took action by taking down its websites across 30 countries to, in their words, contain “the virus and protect data”. The way in which Travelex handled this attack really highlights the importance and need for a good business continuity plan (BCP) should the worst happen.

But despite ransomware being a lucrative venture for hackers, it’s not just large companies like Travelex that are being hit. In relation to this, Simon Bond, CEO of Cyan, says; “Unfortunately, it has become more common for cyber criminals to develop and use sophisticated tools to target the vulnerabilities of smaller businesses.”

“These vulnerabilities are caused due a range of system issues such as technical glitches, unpatched software, or by hardware that hasn’t been configured properly. However, the most common of the vulnerabilities tend to involve employees who use weak or compromised passwords, or inadvertently click on something that opens the business up to an array of issues.”

Glyn Cheesman, IT Security Manager at Cyan, believes many cyber criminals know that SME leaders may not truly understand the impact and importance of cyber security. He goes on to say, “We live in an age where cyberattacks continue to evolve, and of course there is a threat to businesses of all sizes, but it’s particularly more challenging for small to mid-size businesses. It’s therefore critical for companies to understand the risks and work on developing strong risk-mitigation strategies to lessen the devastating impact of cyber threats and attacks.”

How Do I Protect My Business?

The best thing you can do to protect your business and colleagues is to cyber insure your business. Insuring against cybercrime and data risks means you’re protected against new and existing threats, but with cyber insurance, your business will you will also receive help with the practicalities of getting experts to restore systems, recreate data and deal with any demands being made where data is stolen.

Additionally, you can carry out some good business practice to prevent cyber-attacks, which include but are not limited to:

  • Ensuring access control is in place. Restricting user access can limit the extent of the encryption to just the data owned by the affected user. Often, employees can have access to data that’s not relevant to their role. Therefore, it’s crucial to re-evaluate the permissions placed on shared network drives regularly in order to prevent the spreading of ransomware. System administrators with high levels of access should always strive to avoid using their admin accounts for email and web browsing.
  • Backing up your data. Organisations should ensure that they have thoroughly tested backup solutions in place whether controlled in house or externally. But remember that backed up files should not be accessible by machines that are at risk of encountering ransomware. Remember that backups should not be the only protection you have in place against ransomware; the implementation of adequate security practices will mean not getting ransomware in the first place.

To Pay or Not to Pay: What to Do If You Are Held to Ransom?

The general advice is not to pay if you or your business are held to ransom. However, it is likely that in some cases, insurers will pay out on your behalf depending on the specific circumstances. The reason businesses are advised not to pay out is because there is no guarantee that the attacker will provide the decryption key and/or not sell or publish any company sensitive information.

Almost half of all infected businesses in the UK now opt for paying the ransom, but if you do find yourself in that situation, immediately report the incident to your IT helpdesk. In addition, report the attack to the authorities and your cyber insurance policy provider.

Top Tips to Protect Your Business Against Ransomware

It may not happen, but it’s always better to have preventative measures in place should your business encounter ransomware. There are a few ways to do this, including:

  • Implement an incident response plan to help identify, respond and recover from an attack. This will include the steps you plan to take should your business encounter an attack.
  • Ensuring there are strong technical and administrative controls in place with security control frameworks.
    • A secure and robust Internet connection
    • Secure/password-protected devices and software
    • Robust access control measures in place
    • Updated virus protection software
    • Keep your devices and software up to date

For further advice and to discuss implementing robust and secure security measures, get in touch.