Press release by Vice Chair of the Worcestershire LEP Business Board, Steve Borwell-Fox of Borwell Ltd.
Last month (July 2015), the government announced a new scheme to help protect SMEs from cyber-attack. Digital Economy Minister Ed Vaizey launched the scheme, which will run until October 20th.
Up to £5,000 of funding is available for start-up, micro or small and medium-sized enterprises. The idea is to work with an external expert to gain the knowledge to innovate and grow the business. This voucher is only for cyber security advice and training, which leads to certification under the new Cyber Essentials Scheme (CES). Many Worcestershire businesses have already attained Cyber Essentials this year.
Suggested measures for Worcestershire based businesses include:
- Information Assurance (IA) – have an IA consultant review your policies and procedures for handling data at rest and in transit
- Commission a Vulnerability Assessment (VA) – this looks at all aspects of the business and information ‘touch points’ internally and in the supply chain
- Commission a Penetration Test, and more importantly, act on the results – a team of experts will ethically (with permission) attempt to hack into your systems like a hacker (illegally, without permission) might do. A detailed report is provided, with recommendations and remedial work to do. They perform a retest later
- Technology refresh plan – Still using Microsoft Windows XP or Microsoft Small Business Server 2003? These are defunct and potentially insecure. What about website, web applications and other software? Over 70% of websites are vulnerable. Having software reinstalled, updated or even completely rewritten is a great way of increasing information security
- Cyber Essentials Scheme (CES) – achieve this accreditation, or start here and work towards ISO 27001. There are many providers that can help you with this journey
- Workshops and Training Needs Analysis – most important asset – people, most risk to business – people. Therefore, don’t just buy new hardware and software, use external experts to run workshops with your staff to ensure that everything works securely together – people, processes and technology. Identify skills gaps, training courses and training pathways for key staff responsible for data and IT in the business. There is no silver bullet, just a careful combination of several strategies and projects to reduce overall cyber risk
- Put cyber security on the agenda – report in ‘cyber risk’ to each Board Meeting. Show that there are defined contingent plans (protect and prevent) and containment plans too (prepare), and an incident response plan or template to use when bad things happen
Benefits and outcomes
As many of the following should be the goal of one or projects in the business:
- More secure systems
- Intellectual Property (IP), designs, customer project data – all better protected on the corporate network or in business systems
- More ‘cyber savvy’ staff
Where to get help?
Luckily Worcestershire is a step-ahead in the fight against cyber-crime and cyber-attack prevention. Start with the Centre Manager at the National Cyber Skills Centre (NCSC) in Malvern, 01684 585111. The NCSC also has a very helpful information website, at insights.cyberskillscentre.com.
Speak with security experts within Worcestershire, mention the scheme to them. Obtain quotes from several suppliers, and then complete the application process on the innovateUK website.
Good luck, and stay cyber-safe in business. Use your improved security as an enabler to win new business more confidently.