How to Create a Cyber Security Policy for Your Business

Whether you are a new start-up, an existing small or medium-sized business or a large corporation, dealing with cyber security risks is vital in the modern commercial environment.

According to the Government’s Cyber Security Breaches Survey 2019:

  • Nearly a third of businesses have identified cyber security breaches or attacks in the last 12 months.
  • This resulted in a negative outcome, such as a loss of data or assets, in 30% of cases.
  • Only 33% of companies have a cyber security policy in place.

This last statistic is astounding when you consider the threat from cyber criminals that we face at the moment. While a cyber security policy can’t fully guarantee you won’t become a victim of cybercrime, it greatly improves your chances of avoiding a breach and gives you the tools to respond if one does occur.

What is a Cyber Security Policy?

All businesses have certain assets, including data and software, that they need to protect. A cyber security policy is a formal document that can be used by a whole range of stakeholders to understand their responsibilities and what measures are in place to protect the technology and assets of the business.

Most importantly, it is not a document that is set in stone. It needs to be reviewed regularly and updated to respond to current and future cyber security threats.

Who Should Be Involved in Creating Your Cyber Security Policy?

A cyber security policy is not simply put together by your IT service provider. It involves input from a wide range of individuals. That includes management and leaders within your organisation, HR departments that may need to enforce dissemination of the policy to employees, and even a legal team who may need to input on the wording of the document.

Main Elements of a Cyber Security Policy

The core part of your cyber security policy should outline the risks that your business faces and why the measures you are taking are important. It should also outline who is accountable for implementing the policy and the processes that need to be followed in respect of a breach, including following current GDPR guidelines.

Obviously, the complexity of the cyber security policy will depend on the size of the business and the number of different departments that may be affected.

From the perspective of employees, providing guidelines on the daily use of technology within the business is also important. It should include guidance on:

  • Password control: including how to store passwords, how to create robust passwords and how often these must be updated.
  • Email protocol: including how to spot potential phishing emails, not opening links or attachments from dubious sources, deleting suspicious communications and methods for blocking spam, scam or junk emails.
  • Dealing with sensitive data: including how data such as customer details are stored, how they are used and who has access to them, as well as measures for deleting data that is no longer needed or legally required.
  • Using removable devices: including the safe use of USB/flash sticks and preventing malware attacks by scanning before opening removable devices.
  • Using technology and hardware: including using BYOD and accessing hardware such as laptops outside of the business environment.
  • Social media and accessing the internet: including protocols for what is appropriate information about the business to share on social media and guidelines on which sites are allowed to be accessed during work hours.
  • Managing cyber security breaches: including who takes the lead and has responsibility, who needs to be informed, and what action must be taken.

The last point is an important one for all businesses nowadays, especially in light of the introduction of the General Data Protection Regulation in 2018. Businesses that don’t have the appropriate measures in place and fail to follow the current guidelines not only risk damaging their own reputation but can also be liable for huge fines or prosecution.

Auditing Your Cyber Security Policy

As we said at the beginning, your cyber security policy should be a live document that is regularly updated. There should be regular times where the policy is reviewed and assessed in line with current business goals and cyber security threats. This should include:

  • How the current cyber security policy is working in the real world.
  • The exposure of your business to both internal and external threats.

Using Your Cyber Security Policy Properly

In a number of businesses, the cyber security policy is developed and covers all the bases required but, unfortunately, is not disseminated properly to those who need to know. If you have a policy that is stuck on the equivalent of a shelf gathering dust, it’s not going to be much use.

The policy should state, and your business should put into practice, how this information is going to be conveyed to relevant stakeholders, including employees. That can involve, for example, training new and existing staff to spot phishing emails, regularly updating the current security threats facing the business and ensuring that robust passwords are used for accessing data and software.

How Cyan Solutions Can Help

There’s no doubt that cyber security is a serious concern for businesses across the UK, whatever their size. It’s also a huge challenge to get all the pieces in place that deliver the protection individual businesses are looking for.

Creating a cyber security policy is a vital process in setting up the infrastructure to keep your business safe online. You cannot entirely trust, for example, that all your employees will follow the right protocols all the time. But you at least need to have a formal document that outlines and reinforces what their responsibilities are.

At Cyan Solutions, we’ve got a great track record of helping small and medium-size businesses put the right cyber security measures in place. We can work with you to develop a strong cyber security policy document that will act as a protective umbrella for your business. We can also help audit and review any policy that you may already have in place to ensure that it is fit for purpose. Contact our expert team today to find out more.

How Often Should You Audit Your Business Cybersecurity?

For many businesses, cybersecurity tends to sit in the background. It’s something we often seem to have a lot of confidence in without really fully understanding it. The only time we pay attention and question its suitability is when something goes wrong.

As it is one of the more important parts of running a modern company or organisation, it pays to step back and have a review of your cybersecurity processes, software and hardware on a regular basis.

According to Forbes recently, cyberattacks are only likely to get smarter over the next few years and we all need to be on guard to prevent breaches.

Why You Need Regular Cyber Security Audits

The first thing to note is that you can’t say whether your business cybersecurity is performing as expected unless you carry out an audit. Most IT services will advise that this needs to be done on a regular basis, either monthly, quarterly or even just twice a year as a bare minimum.

A lot will depend on the size of your organisation or business, of course, and how many different departments you have. It’s much easier to keep track of a company that has ten employees than one which has thousands. Another factor is the amount of confidential data you handle and the sector you operate in.

What is a Cybersecurity Audit?

A regular audit is something that can be carried out fairly easily and, in some cases, remotely. It’s a service that many outsourced IT support companies provide nowadays. If there has been an incident or issue with your IT infrastructure, however, it pays to have a more in-depth audit that considers a wider range of parameters.

This kind of audit tends to use more advanced technology and will not only look at the software installed but the practices that you employ in your business.

You may have had a security breach or data loss, for example. It’s important to discover how this occurred and what processes you need to put in place to improve security. Or you may have updated or put in a new system, in which case, you’ll want to ensure your cybersecurity is working well with it.

There can be plenty of other reasons to carry out a more intensive audit. For example, the compliance laws may change for your business (as happened for many companies with the new GDPR). Perhaps you’ve merged with another business and want to ensure IT services across the board are uniform.

Outsourcing Your Business Cybersecurity Audit

It’s important to work with a partner that is able to deliver the kind of audit you are looking for. There are off-the-shelf auditing packages available but these may not be entirely suitable, especially if your company has specific cybersecurity needs.

Outsourcing your business cybersecurity audit to a third party is the most popular route and has a number of advantages, not least that you have access to the appropriate level of expertise. It’s not easy to find suitable companies that have a track record of delivering security testing within a range of organisations.

You should be looking for one that has a deep knowledge of operating platforms and understands how your business security fits into these and other IT deliverables. The other thing you will want is an IT audit service that will give you clear reports which you can then act on. Good communication is key.

While you may be able to undertake at least some of this internally, for a deeper audit most companies will lack the appropriately qualified staff. Even using the latest auditing software, it can be difficult to decipher the results and come up with appropriate recommendations if you do not have expertise in this area.

A competent audit team will be able to:

  • Interpret the data from your audit and understand how to action any changes to your systems.
  • Prioritise which are the most important factors and what steps you need to follow to improve your business cybersecurity.
  • Understand if information is missing and what other software and scans need to be applied to provide a full picture of your current cybersecurity.
  • Set benchmarks so that you have a baseline for future audits and a clear understanding of what you need to achieve.

At Cyan Solutions, we work with a wide range of businesses across different sectors. We understand that each company has its own set of requirements when it comes to fulfilling strong cybersecurity. Our team works closely with all stakeholders to ensure that we deliver a robust audit that keeps your business safe.

Contact us today to find out more.

Top Five Benefits of Outsourcing Your IT Requirements

When running a growing business, it can feel like you’re a bit of a one-man band trying to balance various aspects of the business’s needs. In some areas of your business, it can be beneficial to keep the workload in-house, and even employ a specific team to handle it, but it just isn’t always practical to try and manage everything yourselves.

Outsourcing, or hiring an external company to manage specific areas of your business, is a familiar and popular option for many businesses, and thousands choose to outsource their IT requirements to seasoned professionals. There are a wide range of benefits to outsourcing your IT requirements.

Experienced and Certified Professionals

Information Technology is a complicated and challenging area to tackle, and without appropriate training and experience, it is impossible to get right. When it comes to hiring an in-house IT team, if you’re not IT trained yourself then how do you assure a potential employee is qualified? Certifications are great, but previous experience of managing a business’s IT requirements is invaluable.

By choosing to outsource your IT requirements to a professional company, you are guaranteed to get knowledge that an individual IT employee doesn’t have. IT service companies have a heap of experience in managing IT requirements for a business, and they often see related problems multiple times and will already know the best solutions and prevention techniques.

Controlled Costs

By outsourcing IT requirements, you are converting fixed IT costs into a variable cost that is much better for budgeting. You will only be paying for the services you use as and when you use them, as opposed to a fixed cost to the business every single month, even if no major IT changes have been made.

As well as reducing and controlling IT running costs, outsourcing can also result in considerable savings in labour costs. Recruiting and training IT staff can be costly, and with no guarantee as to how long an employee will stay with the business, it is a cost that you may have to pay every few years. Outsourcing allows you to focus your human resources efforts in other areas of the business where you need it the most.

Stay Ahead of the Game

When a business tries to manage all of their IT requirements in-house, it often takes a lot longer to get projects and developments completed. This is because there is a higher level of research, development and implementation time required compared with using an outsourced IT provider.

All of these things also increase the cost of new developments and slow down the whole process, meaning your competitors might be making game-changing developments while you are still in the researching phase. A fully managed outsourced IT service will have the resources and knowledge to begin new projects immediately, compared with in-house where you may need to hire new staff, train them and provide the necessary support.

Increase Security and Reduce Risks

IT service providers will constantly be keeping up to date with specific industry knowledge, especially when it comes to security and compliance, that an in-house team simply might not be aware of. Outsourcing provides you with a reduced risk of coming across any issues, and an IT company will often have better expertise when deciding how to avoid certain risks to your business.

With the huge rises in cybercrime to businesses recently and the added pressure of GDPR, it is essential to keep your IT systems security as tight and secure as possible. Your in-house team may struggle to know the best practices and methods to keep your company and customers safe, but an outsourced IT team will be well aware of all PCI compliance standards and the best way to keep everything up to date and safe from attackers.

Strategic Planning

IT service providers have years of experience working with different clients and industries and will focus on keeping up to date with the latest technologies, making them the perfect team to help your business grow and expand. Many outsourced IT companies will be able to advise you on your business’s future IT requirements by evaluating your growth and planning how your IT infrastructure needs to support this.

At Cyan Solutions we work in partnership with our customers to support their technology ambitions. This allows us to deliver innovative solutions that meet your business’s specific needs now and in the future. With technology constantly changing, it is difficult to know yourself what IT requirements you will need in the future. But, by choosing to outsource to professionals, you will be getting expert guidance and support to help your business grow.

Switching over to Cyan is a simple, easy, seamless transition. It can seem overwhelming to make such a significant change to the way your business operates, but the benefits are clear, and successful growth often requires change. Call us today to see how we can help transform your business.

Managing Security With Remote Workers

Remote working is increasing rapidly. Staff who are travelling for business, working at home or commuting still want access to the same information they can receive while in their workplace. The increase of remote working undeniably helps organisations as well as assisting remote workers to stay in the loop and be efficient.

With remote working, staff can be more productive, there is a contingency plan in place and data can be shared with ease. However, with the increase in remote working comes an increased risk of security breaches. Those who are accessing work data inappropriately could be breaching the security and confidentiality of the business. For the organisation, particularly with GDPR in place, it is essential to manage and bolster security systems, so that remote working does not leave your business vulnerable.

Why is managing remote working important?

Employees who are keen to access work information outside of the workplace show commitment and conscientiousness to your organisation. However, many employees do not realise the risk they pose to the security of your business.

Recent studies have shown that almost a quarter of employees would use free WiFi hotspots to access their work emails. As well as this, 28% of employees will email work documents to and from their personal email address. Many employees do not realise that unsecured connections such as WiFi hotspots can pose a significant threat to cybersecurity, with cybercriminals being able to access information on low-security connections.

Fortunately, there are several ways that organisations can reduce the risk and help to manage security with remote workers.

How you can manage security with remote workers

Strong passwords

Having a secure password can give protection from hackers and more peace of mind if a device is lost or stolen. Organisations can implement password requirements such as having a minimum number of characters as well as requiring a mix of character types. Organisations can also ask employees to have different passwords for different systems as well as imposing a two-step log-in process.

Create public WiFi guidelines

It is not always feasible for remote workers to connect to trusted networks, particularly when travelling or staying in a hotel. However, you can create a cybersecurity policy which explains how to use public WiFi with the most care. It is wise to define what systems they can access and which they need to refrain from when using a potentially unsecured network.

Mobile device management

As well as securing mobile devices with passwords, it is also essential to help boost your security if laptops or mobiles are lost or stolen. Utilising mobile device management software or applications can help your business to track lost or stolen devices as well as implementing additional security to protect business assets on the device.

Use the cloud

Hosted cloud desktop providers will use data encryption technology to transport data throughout the company intranet. If employees log in to your system using a cloud-based virtual desktop, there will be added encryption for confidential information between the remote worker and the business. Providers of cloud-based hosted desktops will typically have a range of security certification for additional peace of mind.

Monitoring

Your business can take advantage of 24/7 monitoring of your security systems which can help to quickly identify a threat and help you to prevent or reduce the issue rapidly. 24/7 monitoring will also help your business with future security planning as you can start to uncover common problems that your business faces. Using monitoring to protect your network will include analysing all remote workers as well as all of the mobile devices in your organisation.

Training

Many employees do not receive robust cybersecurity training that includes remote working. Staff should regularly receive cybersecurity training that helps them to understand the risk and how specific actions such as using public WiFi and public computers can threaten security. Using monitoring alongside training can help you to enforce your cybersecurity policies and make it easier to focus the training on specific issues that threaten your business.

Email encryption

As emails are one of the most popular technologies for remote workers, one of the easiest ways to improve your organisation’s security is by using email encryption applications. Investing in the management of corporate email and using the safest technologies for email is essential for many businesses who use email without even thinking about its vulnerabilities.

If you need help securing your IT for remote workers, call us today so we can help you plan and implement a robust cybersecurity strategy.

Our Guide To IT Budgeting

Budgeting for your business is never easy. One of the hardest aspects to budget for is your IT strategy and requirements. Whether you base it on projects, annually or quarterly, it can seem impossible to know how to budget when you must manage costs and prepare for unexpected situations.

However, when IT budgeting is crafted correctly, it can serve as a useful and influential roadmap for the future of the business and the strategy you are taking. Your budget can not only be the plan of finances but can be how you communicate where you want your technology strategy to be and how it can help the organisation as a whole.

A good IT budget will not only help you to prepare for the costs of the project or year but will also help you to set your priorities, so you know what to aim for and what is vital for your business. Not only does the budget help the IT department, but it also helps line managers in other departments. They can see and input the activities that lie ahead and help your IT plans to be supported across the company.

So, how do you start to prepare your IT budget?

How to prepare your IT budget

Firstly, the organisation needs to decide how best to allocate the IT budget. Some organisations want to assign an IT budget to each department and use a chargeback system. For some businesses, this can work, for others, it can be too complicated and challenging to instigate and work effectively. Either way, the IT department itself will need its own budget for day-to-day maintenance.

It is essential to begin your budget so that it provides a level of detail that builds a substantial case for approval but also doesn’t require micro-management. It needs to be flexible but still be a driving force behind your technology plan.

Secondly, you need to include the vital aspects of your IT budget.

Eight essentials to include in your IT budget

1. Upgrades

It is likely that you will need to upgrade outdated software and hardware and it is best to be prepared for the cost of this.

2. Staffing

While some IT staff costs may be covered through the HR budget, you may need to incorporate staff into your IT budget whether you are expanding the team, promoting, increasing training or purchasing new equipment for the team to use.

3. Software

Software can sometimes seem like an unnecessary expense, but software can help to make staff more efficient and productive, which can, therefore, cut costs and boost profits for the overall organisation. Regarding software budgeting, always run a cost/benefit analysis. Remember, you don’t have to spend your entire budget just because you have allocated a cost.

4. Cloud

The use of cloud technology continues to increase, and your business needs to prepare for it. Whether you expand into more cloud-based solutions, require more storage or need to strengthen your cloud security systems, this will take a chunk of your budget.

5. Mobile technology

Handsets quickly become outdated, and data plans increase rapidly. You need to account for increasing spend whether this is for new employees, upgrades for all staff or incidents when devices are lost, stolen or broken. As well as the devices and data, you may also need to account for applications that enhance security such as mobile device management.

6. Training

The IT department has considerable responsibility for maintaining cybersecurity across the whole organisation. As well as strengthening systems internally, the IT department will need to deliver regular training to ensure staff remain compliant with IT policies and do all they can to support cybersecurity for the business.

7. Backup

Your budget will need to account for a backup solution, whether you need data back-up to a variety of locations or upgrading your own backup hardware. Within this you may also need a back-up for internet connection should your chosen solution fail, and you need to get everyone back online quickly.

8. Disaster

Every IT budget should declare a proportion of the budget for disaster planning. There could be many aspects that go wrong, from broken hardware to data compromises or server issues. Whichever aspects you manage within the IT department, make sure to dedicate a proportion to covering any disasters that may occur.

Flexible planning

While it can be stressful to make sure every pound is allocated correctly, it is important to remember that fluctuations will happen, and you need to prepare to be flexible. Always consider your budget as a work in progress and try to tweak it where you need to so that your strategy remains on track.

If you need advice on IT budgeting or are looking to upgrade your technology solutions for cost-saving, security and efficiency, then get in touch with Cyan Solutions to find out how we can help.

Does a lack of cloud computing standards compromise its use?

Cloud computing is now utilised by a large number of SMEs to the benefit of their respective organisations. We believe that every business should be benefiting from the cloud. However, many of the most common issues that new businesses have in utilising cloud-based technologies come from misinformation.

In this article we look at one of the most commonly cited cloud computing myths.

Overcoming misconceptions about the cloud can be a big challenge when launching new projects. Understanding how cloud technologies work and what they can deliver can be difficult enough without the facts being distorted.

With misinformation comes false expectations. With false expectations comes false understanding. And false understanding can lead to projects being started with an incorrect direction. As with any new technology, it is of paramount importance to understand exactly what can be expected before you launch.

As cloud computing is in its (relative) infancy, it’s understandable that we have seen a fair share of myths and misinformation. These can distort your planning stages and, as a result, jeopardise projects. In order for you to better make an informed decision about what cloud services are right for your organisation, we want to look at one of the biggest cloud computing myths…

“A lack of cloud computing standards compromises its use.”

We have heard the above statement made on multiple occasions by a variety of different professionals from different backgrounds. At its heart is a very understandable concern. What these professionals all want to be sure of is that standards are in place that won’t jeopardise the viability of their project further down the line. But a lack of centralised cloud computing standards is unlikely to be as much of an issue as thought.

While it is right to suggest that with new technologies comes a lack of standards across the board, this doesn’t necessarily mean that their use is compromised. For the majority of SMEs, the lack of cloud computing standards shouldn’t be viewed as a barrier. The reason is simple – each cloud provider has their own specific tools that allow users to handle a portion of their platform.

At this point, when the user has access to a single cloud provider, adherence to standards doesn’t and shouldn’t matter. What matters is that the user is able to use their cloud provider’s own management tools to handle, amongst other things, operating systems, hardware and application software.

There may be some issues – but not so much that they can’t be overcome

It is important to note that a lack of cloud computing standards could become an issue for certain projects. In particular, if your project focuses on building applications that are tightly coordinated between your own personal data-centre and the cloud, or different cloud providers, you are going to need to tune your problem management practices for the cloud. But you’d need to do this if there were standards anyway.

Rather than dismiss the cloud on these grounds, it’s far better to weigh the potential pitfalls against the alternatives.