What Is Cyber Insurance and Does My Business Need It?

Cyber-attacks are not a new phenomenon, but they are, unfortunately, on the rise. A cyber-attack on your business can be utterly detrimental, leaving computers and computer networks exposed, disabled, and even destroyed.

Due to the rise in cyber-attacks, cyber insurance (also referred to as cyber risk or cyber liability insurance) has become a hot topic in recent years, and it makes sense, as it’s always better to prevent a cyber disaster than deal with the consequences. Cyber insurance pretty much does what it says on the tin; it’s a type of insurance for businesses that’s put in place for digital threats. With so many cyber threats affecting businesses, it’s no wonder it has become a highly popular service for SMEs and businesses, large and small, around the globe.

Should My Business Have Cyber Insurance?

In a nutshell, yes. Your business more than likely should have cyber insurance in place. However, it’s important to understand what it does and doesn’t cover.

What are the Benefits of Cyber Insurance?

As technology continues to become increasingly important for a business to operate successfully, the value and need of a robust cyber-insurance policy will continue to rise. No matter the size of your business, its location or industry, the technological nature of the modern-day world exposes vulnerable businesses to cyber-threats every single day.

A cyber-attack will not only threaten your finances and disrupt your operations, but it can also tarnish the reputation of your business. In order to protect your business from the devastating effects of a cyber-attack, it’s essential that you protect yourself with a strong cyber-insurance policy that covers all grounds.

Ten of the most significant benefits of taking out cyber insurance include, but are not limited to:

  1. Forensic support – When you have cyber insurance in place, forensic support provides your business with near-immediate around the clock support from cyber specialists following a data breach or hack. They will be able to confirm the impact of the breach and establish solutions.
  2. Consultancy fees – Your insurer may reimburse any costs of a consultant that has helped manage a response or solution to the incident.
  3. Interruption of business – If your business experiences an IT failure or cyber-attack that disrupts the operations of the business, your insurer may cover your loss of income during the interruption. In addition, increased costs to your business operations in the aftermath of a cyber-attack may also be covered.
  4. Privacy breach costs – A breach costs clause is a single clause that provides cover for security breach costs, such as notifying customers or recovering files.
  5. Privacy liability clause – A privacy liability clause provides cover for privacy infringement claims plus any legal costs in the event of a cyber breach. This is critical for all businesses that handle or store personal information in line with GDPR.
  6. Cyber extortion – A policy may cover your business if it’s infected by ransomware or other malicious software that attempts to seize control of or withhold access to operational or personal data until a ransom or fee is paid.
  7. Digital asset replacement expenses – In the event that your business’ digital assets are corrupted, lost, or altered in any way by a cyber-criminal, your policy may cover the costs incurred.
  8. Reputational damage – Your policy may recover lost profits directly attributable to cyber-attacks, particularly those that have been detrimental to the reputation of the business and/or any of its employees.
  9. Management liability – Your policy may cover costs associated with defending senior management from cyber-attack fallout.
  10. Restoring data – After a massive security breach, your insurer can help to cover costs for restoring vital business data.

While there are many benefits to having cyber insurance in place, it’s equally important to understand what’s not included. For instance, if you’re using outdated or unsupported software or systems, many cyber insurance policies will not cover you.

Examples of this are using end-of-life operating systems such as Windows 7 or end-of-life equipment such as a firewall that is no longer receiving firmware or security updates. However, when you do choose to take out cyber insurance, speak with the insurer about the terms and conditions and what potential breaches could affect your policy.

How Much Should I Expect to Pay for Cyber Insurance?

First and foremost, when it comes to buying the right cyber insurance for your business, what’s important to understand is what your business’ assets are worth. An example of an asset could be a laptop, workstation, server or database, and, more importantly, the information or data that it contains.

In most cases, a robust cyber insurance policy will cost in the region of £1000 per year. It’s also important to invest in training employees to recognise and react at the first signs of cyber compromise. Often, cyber insurance can create a false sense of security, so splitting your budget between a robust cyber security policy and trained and knowledgeable staff can strike the perfect balance.

Something to remember is that once you’ve taken out an insurance policy, you shouldn’t just leave it and get on with things. Your cyber insurance policy should be reviewed regularly and updated based on the continually evolving needs and current cyber-threat dangers directly related to your business. Above all, invest your budget wisely, with a certain percentage in preventive controls and the remainder in insurance.

What Level of Cover Do I Need?

The insurance policy requirements of every single business will differ based on a number of factors. But a good starting point would be to speak with different insurers to see what they can offer you. Things to consider include, but are not limited to:

  • The amount of sensitive information stored
  • Where sensitive or confidential information is stored
  • What measures would need to be taken if your business experienced a data breach
  • What the costs would be to replace the damaged software/hardware
  • Does your business have trained employees to mitigate the damage?
  • Does your business require the assistance of external security specialists?
  • Does your business have PR staff to deal with crisis management if a data breach occurred?

Answering the above questions and gathering as much information about your business as possible will help you get an idea of how much insurance coverage your business may require.

How to Pick the Right Insurance Provider?

It’s essential to shop around and speak to different providers, understanding what each can offer your business in times of crisis. Word of mouth is the strongest form of marketing, so it may also be beneficial to speak with other industry professionals for recommendations.

At Cyan, we’ve got a great track record of helping small and medium-size businesses put the right cyber security measures in place. We can work with you to develop a strong cyber security policy document that will act as a protective umbrella for your business. We can also help audit and review any policy that you may already have in place to ensure that it is fit for purpose. Contact our expert team today to find out more.

The Cyber Security Basics You Should be Covering Now

Achieving full protection when it comes to cyber security risks can seem daunting for even the smallest of businesses. Even if you can’t access the huge budgets that big corporations have at their disposal, there are some basic solutions you can put in place to protect your business.

5 Cyber Security Basics You Can Implement Relatively Cheaply

Even if you are a small or medium-size business with a very limited budget, there are a number of solutions which need to be implemented with relative immediacy.

1. Understand What Assets Are At Risk

We use a wide range of devices to access software and the internet nowadays. You might use a desktop in the office, a laptop at a local café or a smartphone or tablet while on the move. Software and data are no longer placed on a protected server within the organisation but can be accessed from anywhere in the world via the cloud.

When it comes to cyber security, our assets are more wide-ranging than ever before and, in some cases, can seem quite nebulous. They are all, however, vital to daily operations and need to be protected. It’s important to know what you use and how it might affect your online security.

That means carrying out a regular inventory:

  • What hardware such as desktops, laptops and smartphones do you have?
  • If you use remote workers to support your business, how are you connecting to them and protecting data?
  • What remote or local servers are you using?
  • What cloud services are you and your staff employing?
  • What virtual machines are you using? What software?

This inventory gives you the basis for understanding your cyber security risks and needs. For example, you may allow BYOD in your business, which can present specific challenges when your software and shared data sit on someone’s private device.

2. Fill in the Gaps

Once you do an inventory, the likelihood is that you will spot areas where your security isn’t covering your business as you might like. This can happen for a variety of different reasons:

  • You may not have implemented a cyber security solution in the first place.
  • There might have been a solution, but it was turned off by someone using the software.
  • You might already have been the victim of a malware attack that turned the security measure off.

Once you know where the problems lie, you have the chance to put things right and repair your system so that it works more effectively.

The more assets that you use in your business, the more complicated it can be to address all the issues, especially if you are short of time. That may mean outsourcing your IT to a third party who can ensure the gaps are plugged, allowing you and your teams to focus on the business. The key here is that plugging the gaps in your security should be a priority.

3. Auditing Permissions

Who has access to the vital parts of your business? Most companies will limit permissions depending on what job someone does and their position within the organisational structure. These permissions are often not monitored closely enough, which means that the potential for a cyber security breach increases. For instance, if someone gives another person their password to access important information, that puts your business at risk.

It’s also important to check things like user passwords and how these are managed:

  • Are they robust and are they changed at regular intervals?
  • Do some people have access to more areas in your business than they really need?
  • Are there old accounts still operational even though staff have left the business?

Checking permissions on a regular basis is important and will ensure that everyone has the right access and security is kept intact.

4. Developing a Cyber Security Policy and Implementing It

It’s important also to have a cyber security policy for your business, even if you are an SME. The purpose of this is to provide the framework on which all your company security works.

It should include clear guidelines on how employees should behave online, how they use your data and software, who is responsible for ensuring compliance, and what you need to do in the event of a breach.

Even if you do have a cyber security policy in place, it’s vital to ensure that this is being implemented properly. That means having a regular audit to check processes are being adhered to and any changes that need to be made are actually being made and recorded.

For example:

  • You may have run a training session to make staff aware of your cyber security policy and what is expected of them. But have you onboarded new employees properly? Do you need to provide a refresher session?
  • Is the person who is responsible for implementing certain parts of your cyber security policy doing it properly? Do they need further training, or do you need to change personnel?
  • Are there things that need to be added to your cyber security policy following changes in the operation of your business?

5. Embrace Automation

Finally, it’s important that, as far as possible, you don’t leave your cyber security at the mercy of human error. That includes making sure you have automatic updates and patch downloads for devices rather than waiting for employees to do it themselves. Automation not only reduces human error, it can save time and money as well.

When you undertake your audit, do it with a view to finding areas where you can include automation.

Cyber security is most certainly a big challenge to businesses, particularly SMEs. These small steps should help tighten up and streamline your current posture and keep you safer online.

If you’d like to find out how a fully managed, tailored IT support service can benefit your business, contact the team at Cyan Solutions today.

3 Reasons Businesses Are Still Getting Their Cyber Security Wrong

Cyber security is one of the biggest challenges faced in the business world today. How do you protect your online services, including the sensitive data of your customers, effectively while still being able to function productively?

The list of recent high profile cyber security breaches highlights how difficult a challenge this really is. The 2018 attack affecting 500 million customers of Marriott Hotels and the more recent 2019 breach of Facebook user records that exposed 540 million accounts are just two examples.

Data breaches and cyber security attacks are not solely a problem for large corporations and big business. Small and medium-size commercial enterprises are just as vulnerable. The truth is, businesses are still failing to implement the strong security measures that are needed in the 21st century.

Here, we identify three major issues that business cyber security faces today. These are areas where many are failing to implement the right policies and procedures or having difficulty keeping up with the latest technological advances through lack of time and lack of budget.

1. Prioritising Cyber Security Risk Management Across the Business

Many companies we speak to say they have difficulty managing cyber security risks across their whole enterprise. There’s no doubt that the security landscape has become increasingly complicated over the past decade, so this isn’t a surprise.

Where having solid virus and firewall protection in place was the basic requirement in years gone by, businesses now face a whole host of different threats. This highlights the importance of not only having a full cyber security policy in place that is adaptable to future threats and changes but also ensuring it is communicated properly across the business.

One important issue is the huge increase in companies that operate a “bring-your-own-device” (BYOD) policy where existing hardware is boosted by employees using their own smartphones, tablets and laptops. While these add a certain level of convenience, they also increase security concerns and challenges.

Simple processes such as updating and patching software when necessary can become a hit-and-miss affair in many businesses when there is no concerted attempt to prioritise cyber security risk management.

Certain parts of the business may be protected adequately but others can still be vulnerable. In addition to this, many businesses, particularly small to medium-size enterprises, may be entirely unaware that they are vulnerable through lack of knowledge.

2. The Need for Prioritising at Management Level

We also find that executive-level managers and leaders are often most focused on creating growth and moving their business forward. An issue like cyber security does not bring in money and it can be an expensive undertaking simply to keep up with the basic requirements.

Without the input and engagement of C-suite business executives, it can’t be expected that the rest of the workforce will take their responsibility seriously. When you consider that 2018 was the biggest year so far for data breaches, this represents a real dereliction of duty for leadership teams, and priorities are not being aligned to address the real threat of cybercrime.

3. Shortfalls in Business Cyber Security Budgets

The final, significant issue that stops businesses developing the correct IT security posture is budget. In some cases, this can be because there simply isn’t the money to develop adequate systems and processes. In others, it comes down to managers and executives prioritising budgets for other ‘more important’ projects, usually focussed on growth and business development.

This latter point is also undoubtedly influenced by a lack of understanding of the role that cyber security plays in the business environment. With this being an increasingly complicated landscape, it is difficult to keep up with the current developments without having the appropriate IT staff on board at executive level who can provide clear and meaningful advice.

For small and medium-sized businesses, employing someone directly to provide IT services is often prohibitive and can drain a significant part of the cyber security budget before any measures are even put in place.

Improving Your Business Cyber Security

The challenges facing companies of all sizes cannot be underestimated. The first step in making sure that your organisation is on top of its cyber security measures is to stop treating this issue as a purely technical problem. Businesses also trust their IT professional to ‘do the right thing’ far too often and don’t delve too deeply into the different aspects of cyber security and what it means to their operation.

In most cases:

  • Businesses want to hand over responsibility to someone else or an external third party without putting in the hard yards to understand the issues and find solutions in a more collaborative way.
  • A business can also fall into a false sense of security – nothing has happened so far, the cyber security must be working well.
  • A business may have certain areas covered but not be aware, through lack of knowledge or even lack of interest, that there are vulnerabilities elsewhere that are just as threatening.

Cyber security takes place in a broad ecosystem where each individual component has the potential to impact on its neighbour. It’s important to work with a partner that understands the current challenges in cyber security and is focused on getting to know your business and working with executives to deliver an adaptable solution that protects the entire ecosystem rather than a few small parts.

A business cyber security breach could expose your client data, stop your systems working and cause untold damage not just to your ability to function but your reputation in the wider commercial world.

At Cyan Solutions, we provide a full cyber security management and support service that protects your business, adapting to current and future threats and ensuring you receive a tailored solution that meets your needs. Contact us today to find out more.

What to Include in Your IT Strategy in 2020

It can be easy to focus almost exclusively on your business sales and how many customers you need to find over the next 12 to 18 months. One area that needs just as much attention is your IT strategy, in particular how it aligns and supports your business goals.

For a start, too many companies, especially small to medium size businesses, look at their IT support as a static part of their operation.

In fact, any IT strategy needs regular review and must move with the times and challenges to remain relevant. It’s not just about what cyber security measures you have in place either, but the whole integration and functioning of your digital infrastructure.

An effective IT strategy will deliver a number of different benefits:

  • Enhance the overall security posture for your business online.
  • Improve ROI and boost sales.
  • Embrace new technologies to improve business processes.
  • Spend less time worrying about your IT and more time growing your business.

Undertake an IT & business goal audit

Before you can put together a realistic IT strategy, you need to understand where your business currently sits. A needs assessment or audit is designed to highlight the areas where you may have shortcomings or might want to update or evolve your systems. It can also show where your IT is working well.

This can be a lengthy process depending on the size of your company but will give you a firm basis from which to develop future plans.

What you need at the same time, however, is to align your future IT strategy with your business goals. The more you understand the synergy between your business goals and your future IT strategy, the better equipped you will be to grow and succeed for the future.

Your IT audit should cover a number of areas:

  • What is the purpose of your IT strategy? How long does it cover and who are the important stakeholders involved in its implementation?
  • Look at what current technology you use, assess its life expectancy and create a clear inventory.
  • Look at what technical solutions you ideally need in place to support your business goals over the next few years. For example, if your aim is to reduce office costs and include more remote workers, you may want to look at file sharing and collaboration cloud-based software for your business.
  • You will need to allocate a realistic budget for the existing provision and any changes you need to make to provide your IT support.
  • There are going to be limitations on what you can do depending on that budget and you should also understand how to work within these.
  • If you are introducing new IT systems, one key factor is going to be how you implement them – What disruption is there going to be? How long is it going to take? What training do staff need?
  • It’s important to build a framework where everything comes together including timelines for implementation and how you measure success. The better your metrics are here, the more efficiently you should be able to implement any changes or improvements to existing IT infrastructure.

Cyber security considerations

One area you will certainly need to be focused on in 2020 is cyber security. There’s no doubt the challenges are increasing in this area and keeping up to date is vitally important. Smaller businesses tend to assume they are less at risk from cyber security attacks than large corporations. Nothing could be further from the truth – SMEs are seen as a prime target because they are often less protected.

You need to include a review of your current cyber security measures in your IT strategy and look at how these can be strengthened. With advances in cloud services and AI you also need a service that is flexible and easily updated.

  • How do you defend your systems from cyber security risks?
  • What systems do you currently have in place and are these fit for purpose?
  • What processes do you have in place for training staff on potential cyber security threats?
  • How do you deal with third party suppliers and the security threat they may pose?

At the very least, your IT strategy needs to include a comprehensive examination of cyber security risks and how you intend to deal with them in 2020. That’s even more important in light of the new General Data Protection Regulation and legal requirements all businesses have to meet.

Opting for on-demand services

Things have changed when it comes to IT and many businesses nowadays opt for third party on-demand solutions. These can include everything from cyber security to cloud computing and digital storage.

What this brings is the ability to tailor your provision and budget better in running your business. Most services are eminently scalable so if you suddenly see a surge in growth you will have systems in place that can react efficiently and appropriately.

If you are searching for flexibility, scalability and efficiency in your IT strategy, switching to a subscription-based solution is going to make a huge difference.

Automation and AI can make life easier

It’s the general point of IT to make it easier for a business to operate. Putting aside the cyber security support you might hope to achieve, your infrastructure needs to take advantage of the various digital transformations that are taking place at the moment.

Key to this is the growing inclusion of automation and AI in digital processes. This is particularly important for smaller businesses that want to compete with bigger companies but lack the resources to do so. AI can help, for example, with delivering a great customer service experience. Automation can mean your business doesn’t have to rely on staff to do often menial but important tasks and can even replace roles completely.

Your IT strategy for 2020 should be exploring all potential avenues and matching them to your current business goals. Put the right processes in place and they should help to move your business forward faster than you think.

Working with a great IT support service

An IT strategy can be complex and demanding to put together. That’s why it’s important to work with an IT service provider that understands business and can help you implement the core changes that are going to make a significant difference to your performance over the next 12 months.

At Cyan, we have a track record of helping businesses of all sizes match their goals for growth with their IT strategy. Contact us today to find out more.

What Does Digital Transformation Mean for Your Business in 2020?

There’s no doubt that the world of business has changed dramatically over the last twenty years. Our reliance on digital platforms, from websites and apps to pay-per-click advertising and social media, means that marketing to the general public is now a much more complicated affair.

Businesses have ready access to cloud IT, productivity software and a range of communication tools that, just a few years ago, would have been inconceivable to many.

What is digital transformation?

When a new digital technology comes along, you have the choice of ignoring it or using it to improve your company processes. Digital transformation generally causes some form of disruption.

Cloud services, for example, have reduced the burden of having in-house IT infrastructure. It’s given on-the-move access to important software and communication tools – staff can work remotely and have everything they need because their smart device holds the latest tools.

The disruption this form of digital transformation creates can be seen in the way many businesses are now confident employing remote/home workers to save on traditional office costs.

What does digital transformation mean for your business?

The challenge and potential of digital transformation is not so much about new software and upcoming innovations, however. It’s how your business incorporates them into its procedure, how it chooses the right tools at the right moment and how it ensures that this is all fit for purpose at both a strategic and implementation level.

Get it right and digital transformation has a number of distinct advantages:

  1. Staying Competitive
    The vast majority of businesses do not exist in a vacuum. A new technology that comes to market and makes processes more efficient may be taken up by your nearest competitor giving them a big advantage. If they are using AI to keep customers informed and happy, for example, and you are not, they’re stealing a march because their reputation is being enhanced.
  2. Becoming more productive
    One of the key reasons for undergoing a digital transformation is to make your business more productive. There is no advantage in reinventing the wheel but if that wheel is longer-lasting and improves fuel efficiency and comfort, then it’s worth focusing on. Software like Office 365, online file-sharing and collaboration apps, and bespoke CRMs are all examples that highlight how digital transformation has streamlined work processes and allowed businesses of all types, including start-ups, to become highly efficient and competitive in the marketplace. In many businesses nowadays, for example, the workforce is not contained within one office but spread throughout an area, with employees operating remotely – saving on hardware and staffing costs.
  3. Increased revenue
    At the root of all digital transformation is increased revenue for the company concerned. Whether that’s from making processes efficient and reducing staffing costs or through improving marketing communications with customers to boost sales, the single biggest factor in making a change is that all-important bottom line.
  4. Better customer relations
    Developments in AI in recent times have allowed businesses to reach out and communicate with existing and potential customers in new and innovative ways. This is one area that will continue in the next few years. Another digital transformation is the variety of ways in which those customers can pay for products or services.

Staying on top of digital transformation in 2020

The challenge that all businesses have had is when and how to implement any relevant digital transformations. In 2020, this is set to remain a hugely important factor and one which will become increasingly difficult as technology evolves. Working closely with your IT service provider is going to be imperative and choosing the right moment to expand and implement will be vital.

Here are just a few of the ways digital transformation is going to have an impact in 2020:

  • The potential of 5G
    5G is finally rolling out and will take us to the next level when it comes to connectivity. Users will see faster download speeds, up to 20 times 4G. This is likely to revolutionise remote working and make it increasingly important for businesses that are trying to keep down their operational costs. 5G will also feed into areas such as AI and the Internet of Things but the full impact may not be seen in business for a few more years. What you should see, however, is an increasing number of options, so keeping up with the latest tech developments is going to be vital.
  • AI and customer service
    Chatbots have had mixed reviews over the past few years and not everyone is keen on them. Businesses have found, however, that a reliable AI help service will deliver answers on the most asked questions for customers and can be a powerful time-saving tool. According to Gartner, nearly half of businesses will start to invest more in AI to streamline processes and provide a better service to customers in 2020. The good news is that those customers are also on board – we’re more focused on getting the answer we want than worrying whether we’re talking to a bot or not.
  • Analytics and staying competitive
    Analysing how your business is performing is key to success nowadays, especially online. One area where digital transformation has improved things over the last decade or so is with the various analytics packages available that provide telling insights into content performance and customer behaviour. We are now in the age of big data and the information that this provides can be seriously transformational if your business is able to leverage it effectively.
  • Security, privacy and transparency – your customers want it all!
    With the implementation of GDPR, there is a lot more pressure on businesses to ensure they have the right security measures in place. Cyber attacks are on the increase and customers expect the companies they do business with on a daily basis to protect their data. But customers also want your business to be open and transparent about what you do with that data. The challenges facing even small businesses nowadays mean that a comprehensive cyber security and data protection policy is not simply something on a wishlist but an urgent necessity and one that is legally required.

Putting digital transformation at the heart of your business

Digital transformations are exciting and full of potential. But how do you know if the next innovation is right for your business? Is it best to implement something straight away and steal a march on your competitors or wait and see what the impact and advantages are?

It’s not easy for businesses to forge ahead with changes of this kind. Digital transformation generally needs money and time to implement, staff have to be trained, the effectiveness measured and changes made to adapt conditions to the needs of the business.

From IT transformation consultancy to robust cyber security, Cyan Solutions have the team in place who can provide a tailored approach to your next digital transformation challenge. Contact us today to find out more.

IT Security Strategy: What You Need to Know

Most businesses are critically dependent on the internet. Survival means having a strong IT security strategy in place. The hacking of telecommunications giant TalkTalk in 2015 reminds us that it’s not just smaller businesses that are at risk either.

The Government has taken steps to build a national cybersecurity strategy and this acknowledges that threats can come from many different sources: foreign governments or state sponsored actors, terrorists, hackers, hacktivists concerned about a particular issue, and even insiders, people who work for a company and who have a grievance of some sort.

Protecting your business has never been more important or more challenging. Having the right tools and processes in place is key if you want to stay safe.

How to Develop an IT Security Strategy

The digital landscape has become increasingly complicated over the last couple of decades. Businesses will not only operate online through portals and third-party sites but use tools such as social media to market their services and products. On top of that, they will have key IT requirements within their office environment that need solutions. Many will use remote working and promote collaboration and better communication through cloud-based services.

All this means that there is no clearly defined, one-size-fits-all IT security strategy for modern businesses.

1. Understand What You Have

The first major step to developing the appropriate IT security strategy is defining what you are trying to protect in the first place. Yes, you may have lots of customer and employee data but what about documents relating to your business such as your plan for the future or a new product you are intending to bring onto the market?

To make sense of everything, you need to understand what each asset is and clearly define its value to your business.

2. IT Security Risk Assessment

The next part of the process is to look at the current state of your IT security in relation to these assets and whether it fulfils its purpose. A risk assessment looks at a range of different aspects of your business, including the software you have in place, who has access to data, what they do with it when they are using it, and what non-digital protocols you have in place to ensure security.

3. Elements of Strong Cybersecurity

The Government has produced a useful infographic relating to IT security which includes 10 steps all businesses and organisations should be taking:

  1. You need to implement a risk management regime that allows you to regularly review your cybersecurity processes.
  2. You must protect your network from attacks using anti-virus software and other technological solutions.
  3. You need a process in place to educate users and build awareness through activities such as staff training and the production of easy to follow practices (such as having a definitive password policy for your business).
  4. You need to establish anti-malware practices and defences to protect your business like having the appropriate software and educating staff on threats such as phishing emails.
  5. You need to limit or control the use of removable media such as flash sticks which can hold malware.
  6. You need to update your systems when a new patch or update is available and ensure they are configured properly across your whole business.
  7. You should carefully manage user privileges particularly for parts of your network that have access to sensitive data.
  8. Your business should have a process in place for handling any breach incidents or disaster recovery and be able to test these plans. If you lose data for whatever reason, being able to get up and running again may be vital to the survival of your business.
  9. Your business also needs to have in place a system or protocol for monitoring your IT and cybersecurity, producing reports and understanding if you are at risk of attack.
  10. You need to develop a policy for home and mobile working especially if you advocate using BYOD. Your company needs to create a secure baseline for all devices and build this into its cybersecurity activity.

While many businesses will be able to implement some of these measures, it can be challenging to get them all in place. That’s why it’s important to work with an IT and cybersecurity specialist to make sure all the bases are covered.

At Cyan Solutions, we have the teams in place who will be able to help you develop a robust IT security strategy that will safeguard your business now and in the future. Contact us today to find out more.

Essential Recommendations for Business IT Security

One of the key factors that affects almost every business with a digital profile is IT security. It’s a constant challenge to get right whether you are a small start-up or a large corporation.

Unfortunately, there are organised criminal gangs in this world who are fixed on trying to do us harm. It’s something that has been with us since the birth of the internet.

The biggest question we get asked at Cyan Solutions is what best practice can be employed to ensure better business IT security.

Here’s a list of things you can do right now to help protect your business:

1. Don’t Assume It Won’t Happen to You

This is something we find with many SMEs. They think they’re too small for hackers to worry about. It’s simply not true.

Most attacks come through automated delivery such as phishing emails. The hackers and malware developers are looking for someone, anyone whose system they can get into. Whether you are just a one-person outfit or have many staff, treat cybersecurity with the same level of seriousness as you do other aspects of your business.

According to a recent report by Verizon, 71% of cyberattacks happen to smaller companies with fewer than 100 staff on the payroll. That is in part because there are more of them but the clear message is to be aware and have robust cybersecurity policies in place.

2. Use a Firewall

The first line of defence against cyberattacks is an effective business-grade firewall. Think of this as a barrier that repels common attacks and prevents malicious threats getting to your network. Companies often neglect to invest in this area as they don’t understand the importance of good perimeter security. They assume a generic router does the same job; it doesn’t. You need to improve network security measures if you want to remain safe online.

And, it’s not just external firewalls that are important – if you have sections of your network that contain sensitive data, for example, you may want to protect these with additional cybersecurity measures.

3. The Challenge of BYOD

Bring Your Own Device (BYOD) has largely been accepted in the business world over the last decade after some initial reticence by employers. It can often be easier for an employee to use their own smartphone or tablet or even laptop to do their work.

The trouble is that these are not generally as secure as the hardware and software that you have for your business. Staff can download the wrong apps or visit the wrong sites that open them (and your business) to potential cyberattack.

This is something that is unlikely to change in the future. BYOD offers too many benefits. The challenge is to make sure that mobile devices are updated with the right security and that staff understand their obligations.

4. Having Comprehensive Cybersecurity Policies

This brings us to the strategy for your cybersecurity protection. All businesses, whatever their size, need to have a robust set of policies that staff can adhere to. Many smaller companies do this in an ad-hoc manner which can mean their business IT security is missing vital core components. Ensure that you document your policies and make them readily available to all members of staff – including senior managers and executive teams.

5. Password Protection

It might seem like a simple thing to include in a best practice list but passwords are a real issue for businesses. Enforcing a robust policy in this area is important and could well protect your business from cyberattack. Passwords should ideally include upper- and lower-case letters, symbols and numbers. For more sensitive areas of your business, you also want to consider multi-factor authentication.

Passwords – when implemented correctly – are an easy and effective way to prevent unauthorised access to systems. Always change the default password that comes with a new device.
If two-factor authentication is available, make sure it is enabled and use it. A common and effective example of this involves a code sent to your smartphone which you must enter in addition to your password.

6. Educating Staff

One failing, particularly for smaller businesses, is not educating their staff on the right IT security protocols. There’s plenty of evidence to suggest that, even if a company has a password policy in place, in the majority of cases it is not enforced.

You have to bring your staff into the loop and make sure they are well educated with regards to cybersecurity risks. For example, User Awareness Training is a great way to educate staff to the dangers of email threats, such as Phishing attacks, which are not always easy to identify.

7. Regularly Update Your Devices and Software

It’s quite worrying the number of small and midsize businesses that do not make the effort to patch their systems, devices and software. Manufacturers release regular updates which not only add new features, but also fix security vulnerabilities that have been discovered. Applying these updates (a process known as patching) is one of the most important things you can do to improve security.

8. The Right Level of Protection

Finally, the fight against cyberattacks is a never-ending battle and you should have the appropriate virus and anti-malware software in place which is regularly updated. One big mistake businesses make is to assume that standard anti-virus software alone is adequate protection for their needs. How security should be tailored to better protect your organisation is something you need to discuss with your IT provider. Understanding which threats are targeting you and putting additional layers of security in place to protect against them is an essential part of any cybersecurity strategy.

At Cyan Solutions, we deliver cutting edge IT services and support. If you want access to the best cybersecurity expertise for your business, tailored to your needs, contact our team today.

How Often Should You Audit Your Business Cybersecurity?

For many businesses, cybersecurity tends to sit in the background. It’s something we often seem to have a lot of confidence in without really fully understanding it. The only time we pay attention and question its suitability is when something goes wrong.

As it is one of the more important parts of running a modern company or organisation, it pays to step back and have a review of your cybersecurity processes, software and hardware on a regular basis.

As Forbes noted recently, cyberattacks are only likely to get smarter over the next few years and we all need to be on guard to prevent breaches.

Why You Need Regular Cyber Security Audits

The first thing to note is that you can’t say whether your business cybersecurity is performing as expected unless you carry out an audit. Most IT services will advise that this needs to be done on a regular basis, either monthly, quarterly or even just twice a year as a bare minimum.

A lot will depend on the size of your organisation or business, of course, and how many different departments you have. It’s much easier to keep track of a company that has ten employees than one which has thousands. Another factor is the amount of confidential data you handle and the sector you operate in.

What is a Cybersecurity Audit?

A regular audit is something that can be carried out fairly easily and, in some cases, remotely. It’s a service that many outsourced IT support companies provide nowadays. If there has been an incident or issue with your IT infrastructure, however, it pays to have a more in-depth audit that considers a wider range of parameters.

This kind of audit tends to use more advanced technology and will not only look at the software installed but the practices that you employ in your business.

You may have had a security breach or data loss, for example. It’s important to discover how this occurred and what processes you need to put in place to improve security. Or you may have updated or put in a new system, in which case, you’ll want to ensure your cybersecurity is working well with it.

There can be plenty of other reasons to carry out a more intensive audit. For example, if the compliance laws change for your business (as happened for many companies with the new GDPR). Perhaps you’ve merged with another business and want to ensure IT services across the board are uniform.

Outsourcing Your Business Cybersecurity Audit

It’s important to work with a partner that is able to deliver the kind of audit you are looking for. There are off-the-shelf auditing packages available but these may not be entirely suitable, especially if your company has specific cybersecurity needs.

Outsourcing your business cybersecurity audit to a third party is the most popular route and has a number of advantages, not least that you have access to the appropriate level of expertise. It’s not easy to find suitable companies that have a track record of delivering security testing within a range of organisations.

You should be looking for one that has a deep knowledge of operating platforms and understands how your business security fits into these and other IT deliverables. The other thing you will want is an IT audit service that will give you clear reports which you can then act on. Good communication is key.

While you may be able to undertake at least some of this internally, for a deeper audit most companies will lack the appropriately qualified staff. Even using the latest auditing software, it can be difficult to decipher the results and come up with appropriate recommendations if you do not have expertise in this area.

A competent audit team will be able to:

  • Interpret the data from your audit and understand how to action any changes to your systems.
  • Prioritise which are the most important factors and what steps you need to follow to improve your business cybersecurity.
  • Understand if information is missing and what other software and scans need to be applied to provide a full picture of your current cybersecurity.
  • Set benchmarks so that you have a baseline for future audits and a clear understanding of what you need to achieve.

At Cyan Solutions, we work with a wide range of businesses across different sectors. We understand that each company has its own set of requirements when it comes to fulfilling strong cybersecurity. Our team works closely with all stakeholders to ensure that we deliver a robust audit that keeps your business safe.

Contact us today to find out more.

Managing Cybersecurity Solutions for SMEs

Small and medium size businesses have particular challenges when it comes to cybersecurity solutions. Size doesn’t always equate to vulnerability but the fact that SMEs have lower budgets can be a major issue when it comes to protection.

Making the right choices when managing your cybersecurity needs, therefore, is important and the most recent statistics back this up.

In a 2018 survey by Ipsos Mori, two out of five small businesses identified a cybersecurity breach in the previous year. In 17% of these cases, the breach prevented the company from operating properly for at least a day. The more troubling statistic, however, is that only 58% of small businesses are likely to have sought out information or advice about cybersecurity.

Cybersecurity and GDPR

One major change your small business needs to understand is the General Data Protection Regulation. This was brought in last year and basically means that any business that holds data (which means the majority of companies or organisations) has a duty of care to protect it. That includes having the appropriate cybersecurity solutions in place, including what to do if there is a breach.

The problem is that hackers and malware developers generally unleash their nefarious activities indiscriminately and smaller, less protected businesses are a target. It’s not unusual for a hacker to specifically target a certain corporation or larger organisation but it’s rarer than the millions of attack attempts that take place on small and medium size businesses as a whole around the world.

How to Manage Your Cybersecurity Solutions

A data breach or cyberattack can happen to any business and the consequences are not just loss of customer information but damage to reputation. It can take a long time to recover. That’s why your business needs to have certain building blocks in place to help combat any potential online attack.

Here are the vital components that you need to have for your business to mitigate the risk of cyber-attack.

  • Patch management: While they might be slightly annoying on older devices, patches are there to make sure your operating system is up to date and properly protected. You’d be amazed at the number of businesses that turn automatic updating off and leave their systems open to hacking and virus attacks.
  • Regular back-ups: Another mistake that SMEs make is not backing up their data regularly. This is relatively easy to do nowadays and there’s really no excuse for not doing it. If your system crashes or your data is stolen or infected with malware, back-up allows you to recover everything and get back up and running.
  • Data encryption: This should be standard for any business, whatever its size. It ensures that any information in transit is kept protected, particularly when it comes to financial data.
  • Firewalls, anti-malware and anti-phishing tools: The tools that we use for our home computers are not necessarily the same that we should be using for a business that has a lot of data. Working with your IT supplier is vital to ensure that you have the appropriate software to suit your industry.
  • Mobile device management: With so many of us using our own smartphones and tablets nowadays, your business needs to understand the risks that this involves. You should have a clear, set policy for staff who use BYOD and regularly make checks to ensure this is being complied with.
  • Two-factor authentication: This is where an additional authentication such as an SMS text is used above and beyond the standard password to ensure the identity of the individual looking to gain access to your data. It’s now the industry standard when it comes to logging in to accounts.
  • Secure collaboration tools: Many SMEs make use of a range of collaborative tools including Office 365, Google Docs, Dropbox and the like. Mitigating the risks of using these tools is vital in maintaining the security of your company.
  • Incident response: How you respond to an incident such as a data breach is almost as important as having the processes in place to prevent it happening. Especially since the introduction of GDPR, small businesses have a duty of care and an obligation to have the appropriate steps in place.

How to Review Your Cybersecurity Solutions

It can be pretty easy to pay less attention than you should to your IT and cybersecurity. As a small business, you probably have a lot more to worry about. Failure to spot issues or make sure your security is up to date can, however, have catastrophic consequences.

If you would like to review your current cybersecurity practices, contact the team at Cyan Solutions today to see how we can help.

What is a Typical IT Budget for a Small or Midsize Business?

Small and medium sized businesses (SMBs) can struggle to put a figure on their IT budget. There are a lot of factors involved in developing a solution that works, not least the industry or sector, the amount of data and how it is currently controlled, as well as the various types of technology being used.

Most SMBs have to weigh the benefits of including new technology, the potential risks to their growth if the right measures are not implemented and even their position in the marketplace.

If you are an e-commerce business, your IT requirements are going to be different from an insurance company. A business with 3 or 4 staff will have considerably lower IT costs than one with 50 or 60 or more.

How Much Should You Spend?

A lot is going to depend on the context of your IT supply and what you want from it. The first thing to say is that you should treat IT as an investment, not simply as a need-to-have set of tools to keep you safe or enable communication.

Effective IT can have numerous benefits, including:

  • Helping to streamline your business operation, including in some cases automating tasks. Boosting your agility means you are able to respond to challenges in your sector as well as give yourself the best chance of growing.
  • The latest cloud packages allow staff to operate remotely. That means you have more flexibility in your workforce. This in turn means you can encourage greater productivity as well as strengthen your networks.
  • Improved cybersecurity will ensure that you keep data and other important information safe. It will also benefit your reputation with consumers.

For a business that has no internal IT department but has about 40 employees who all rely on IT, you will be looking at an average monthly spend of £2,000-£3,000. This can actually purchase you a good deal of tech support in today’s competitive IT environment.

On the whole across all sectors, the average SMB will spend about 6-7% of its revenue on IT. There are some important areas where you should be concentrating your IT budget:

1. Replacing Old Software

Many businesses stick with the same old software way past the time it has outlived its usefulness. This is generally a false economy especially when it comes to collaborative packages that allow your staff to work more productively. Picking the right time to switch to an upgraded version of a software package or try something new entirely is a huge challenge for SMBs.

2. Old Hardware and Old Operating Systems

Another decision that can have an impact on your business is the age of the hardware systems that you have in place. Old desktops that no longer update can present a risk not only to that particular machine but your entire network. Vulnerabilities in older operating systems such as Windows 7, which will have support terminated in 2020, can present immediate danger to your business if the hardware is not updated.

3. Cloud Computing

The cloud seems all the rage nowadays and for good reason. Cloud services have changed the way many SMBs do business. They facilitate more efficient collaboration and access to data which can greatly improve productivity. If your business uses remote employees who work from home or you have sales staff that need access to information on the road, cloud computing is indispensable.

4. Outsourced IT Support

With the advent of cloud services, we’ve seen a substantial rise in remote IT support solutions that are specifically designed for SMBs. Not only has this allowed the typical IT budget to come down, it’s given many businesses a more level playing field on which to compete.

The good news is that outsourced IT support is a lot cheaper than employing staff on site and can deliver a wide range of expertise. It can also be tailored to your needs at any particular moment, scalable whether you want to grow or if you need to shrink your business model and your IT.

Tips for Controlling Your IT Budget

Compared to larger corporations, SMBs have to do a lot of work to keep their IT support costs under control while still delivering on their needs. It’s important to make sure that you have the right components in place.

  • Have a regular audit to highlight where your IT can be improved or even rolled back.
  • Be prepared to embrace new tech if it can help reduce your running costs in the long term.
  • Think of IT as an investment not a drain on resources.

At Cyan Solutions, we work with SMBs across all sectors and industries. If you want to make better use of your IT budget in the future and really deliver transformational results, contact our team today.