Month: May 2024

Cyber Security Defence and Data Protection Solution At An Affordable Price

Proactive Cyber Security Defence (https://hah2.co.uk/protective-monitoring)

Protective Monitoring (which we now refer to as Proactive Cyber Security Defence) is a phrase well known in the corporate world, where it gets immediate understanding of what it is and what it entails.  In the SME world, not so much.  Basically, it focuses on the growing cyber security threats and how companies can protect themselves.  We’ve found it’s a very poorly understood subject outside of the corporate world, and we have therefore re-designed and re-priced it specifically for the SME market.

We’ve seen global cyberattacks increase by 38 per cent compared to the previous year. The rise in cybercrime is not sparing UK businesses, with a total of 2.4 million instances of cybercrime reported within the last 12 months across various industries.

What is it? (https://hah2.co.uk/protective-monitoring)

So, what is protective monitoring?  It is the process of continuously monitoring an organisation’s systems and networks for potential security threats and incidents: collecting and analysing logs, monitoring network traffic, and identifying and responding to suspicious activity. For small and medium-sized enterprises (SMEs), protective monitoring is essential to protect their sensitive data and prevent cyber-attacks. Many SMEs do not have the resources or expertise to implement comprehensive cyber security measures, which makes them more vulnerable to cyber threats.
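What “analysing logs and identifying suspicious activity” looks like in practice, as a small added example (this is not the H2 service and not code from this page): a detector run over a few constructed OpenSSH-style authentication log lines. It flags a burst of failed logins from one address and, more importantly, a successful login from that same address afterwards, which is the event that should wake someone up. The thresholds, hostname and addresses are assumptions chosen for the illustration.

```python
"""Toy protective-monitoring detector for authentication logs.

Added example, not H2's product.  The log lines below are constructed
in the style of OpenSSH syslog output; the addresses are documentation
ranges and the host name is made up.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not real data).  Lines 1-5 are a burst of
# failures from one address, line 6 is that address then succeeding.
SAMPLE_LOG = """\
May 14 09:00:01 fileserver sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
May 14 09:00:03 fileserver sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
May 14 09:00:05 fileserver sshd[1203]: Failed password for root from 203.0.113.7 port 51244 ssh2
May 14 09:00:07 fileserver sshd[1204]: Failed password for alice from 203.0.113.7 port 51250 ssh2
May 14 09:00:09 fileserver sshd[1205]: Failed password for alice from 203.0.113.7 port 51252 ssh2
May 14 09:00:11 fileserver sshd[1206]: Accepted password for alice from 203.0.113.7 port 51260 ssh2
May 14 09:15:00 fileserver sshd[1300]: Failed password for bob from 198.51.100.4 port 40000 ssh2
May 14 09:30:00 fileserver sshd[1301]: Accepted publickey for bob from 198.51.100.4 port 40010 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse(log, year=2024):
    """Turn raw syslog lines into (timestamp, result, user, ip) tuples.
    Syslog omits the year, so it is supplied by the caller."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated line, ignore
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def detect(events, window_s=60, threshold=5):
    """Return alerts as (kind, ip, user, timestamp) tuples.

    brute_force:            >= threshold failures from one IP inside window_s
    success_after_failures: an Accepted login from an IP already flagged,
                            i.e. the guessing may have worked.
    """
    alerts = []
    failures = defaultdict(list)  # ip -> timestamps of recent failures
    flagged = set()
    for ts, result, user, ip in sorted(events):
        if result == "Failed":
            failures[ip].append(ts)
            # sliding window: drop failures older than window_s
            failures[ip] = [t for t in failures[ip]
                            if (ts - t).total_seconds() <= window_s]
            if len(failures[ip]) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute_force", ip, user, ts))
        elif ip in flagged:
            alerts.append(("success_after_failures", ip, user, ts))
    return alerts


if __name__ == "__main__":
    for kind, ip, user, ts in detect(parse(SAMPLE_LOG)):
        print(f"{ts:%H:%M:%S} {kind:24} ip={ip} user={user}")
```

The second alert type is the one worth responding to: five failures in ten seconds is noise from the internet, but a success from the same source shortly afterwards means a password was guessed and the account needs locking and resetting. A real service does the same over every endpoint’s logs, with Windows event IDs and VPN logs as well as sshd.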

Detect and Respond

By implementing protective monitoring practices, SMEs can detect and respond to security incidents in a timely manner, reducing the impact of potential breaches. This can help prevent data loss, financial losses, and damage to their reputation. Additionally, protective monitoring can help SMEs comply with regulations such as GDPR and other data protection laws, which require organisations to have measures in place to protect personal data. Overall, protective monitoring is a critical component of a comprehensive cybersecurity strategy for SMEs, helping them to mitigate risks and protect their valuable assets from cyber threats.

It’s Like Cyber Insurance

Protective monitoring can be like insurance for your data: you might not think you need it until disaster strikes. Cost is always an issue for SMEs, and traditionally protective monitoring has been a bit pricey, but then so is insurance, and can you put a price on peace of mind? Plus, it’s almost certainly cheaper than dealing with a data breach down the line. Wouldn’t it be nice if there was a solution on the market that looks not just at the protective monitoring piece but also at your data protection needs (https://hah2.co.uk/gdpr-data-protection), all at a price that an SME can afford, whether you are at the S end or the M end of the SME market, perhaps hovering just below the corporate market?

Awareness and Resource

Many Boards appear to be struggling to understand the intricacies of cyber risks. Fifty-nine per cent of directors admitted that their boards are not effective in comprehending the drivers and impacts of cyber risks on their organisations.  Why would that be?  Often it’s simply a lack of awareness of the issues involved.  A big issue with SMEs, as well as poor awareness, remains a lack of resources and expertise in cyber security.  They are very reliant on outside support and often attempt to get it from the local IT company that provides, and often manages, their hardware and software. This is coupled with Managed Security Service Providers (MSSPs) ignoring the SME sector, primarily because of cost: the services they have traditionally provided have simply been too expensive.

Solution – https://hah2.co.uk/

But what if there was a system designed and managed on behalf of SMEs, which addressed the issues they face daily, at a price they can afford?  What if you could see those issues highlighted in front of you, using your own data rather than a demo using dummy data?  How much better that would be for understanding what is happening on your network.  We are offering that opportunity: a FREE trial to try this out.

A good cyber security strategy has always been founded upon defence in depth: sound security architecture, good cyber awareness training, solid access control and identity management, and the ability to protectively monitor your estate for threats, vulnerabilities and risks.  It is this last element that we’re looking at today.

To make this doubly effective and doubly affordable, we have combined a protective monitoring solution with a data protection solution and titled it the Cyber Security Defence and Data Protection Service.  OK, not very catchy but it does nicely encapsulate what it is.  And I can hear your scepticism from here, you’re thinking that sounds pricey.  Well, it is priced at £24 per seat per month, so if you have 20 IT users, then the price is £480 per month.

It’s a cloud based system that requires no expensive infrastructure, and it requires no presence on your site.  It is managed remotely by us and monitors your end points regardless of where they may be.  So, with today’s mobile workforce, it doesn’t matter where your employees are, in the office, at home or on the move, their endpoints are still being monitored.

The key to making this affordable and appropriate for SMEs, is automation, which is becoming more and more possible using AI enhancements.  I’ve highlighted before that here at H2 we are constantly on the lookout for innovative solutions that allow us to provide appropriate and effective services to our clients, at a price that is affordable.  And we think we’ve found another gem.

What’s Covered?

The following services are provided as standard:

  • External and Insider Threat Detection.
  • Ransomware Protection.
  • Data Leakage Protection.
  • Data Privacy and Compliance.
  • Built in Encryption Capability.
  • Automated Cyber Awareness Training.
  • Phishing Simulation. 

Cyber Security Insurance

And as a bonus, if you wish, a cyber insurance policy starting at around £400 annually, priced according to the risks identified within the service, i.e. the more the risk is reduced, the more the premium is reduced.

We Can Manage This for You

This whole package is offered as a managed service, so that the risk assessment, risk reduction, reporting and monitoring are all carried out by us, within the incredibly low price shown above.  And as we’ve already highlighted, we are offering a free demo and a free trial.

DATA PROTECTION – HOW BADLY COULD I BE HIT?

How does data protection affect SMEs?

Data Protection is a somewhat dry subject that many companies, particularly SMEs, think they can get away from by simply paying a bit of lip service.  The UK GDPR, together with the Data Protection Act 2018 that sits alongside it, is far from a toothless beast and can land businesses in all sorts of problems if they’re not careful.

Businesses that you might not think about, like estate agents, hold large amounts of personally identifiable information (PII), that is, information that can identify a living individual.

Are SMEs subject to punitive fines?

Not so long ago a London estate agent was fined £80,000 by the Information Commissioner’s Office (ICO), after leaving the personal data of more than 18,000 customers exposed for almost two years.

The incident occurred when the estate agent transferred the details from its own servers to a partner company. An “Anonymous Authentication” function on the server used for the transfer had not been switched off, which meant there were no access restrictions on the data: anyone who reached the location could read it without presenting any credentials.

It’s surprising just how much PII estate agents hold.  Just think about what they ask for when you’re buying a house.  In this case the exposed details included bank statements, salary details, copies of passports, dates of birth and addresses of both tenants and landlords.

But in some cases the fine is not the end of it.  Individuals can sue companies that release their data into the wild.  In fact, there are now law firms advertising no win, no fee representation for these cases.  Remember that data breaches almost always involve multiple people, sometimes hundreds if not thousands of records.

What size does a business need to be for the regulations to apply?

The regulations apply to all businesses, large and small, although some exceptions exist for SMEs. Companies with fewer than 250 employees are not required to keep records of their processing activities unless the processing is more than occasional, involves special category (sensitive) data, or is likely to put an individual’s rights and freedoms at risk.  Simply exposing PII can threaten an individual’s right to privacy, so the exemption is narrower than it looks.

Just about everyone processes personal data of some sort, that is, data that can identify a living individual.  HR data will have bank account information, home addresses, next of kin (NOK), phone numbers, maybe references from previous employers.  The exposure of some or all of that could be judged as prejudicial to an individual’s rights.  Some companies may have bigger problems, for example solicitors, estate agents, financial advisers and recruiters (the list is not exhaustive), which hold an abundance of personal data about their clients, much of which, under other legislation, they are required to retain for up to 7 years.

Do I need written policies and processes?

Yes.  What this means is that a significant number of policies and processes will need to be written and taken into use by the organisation.  It is not unusual for many to visit the web and download templates to cover their requirements.  However, whilst these templates may in themselves be adequate when used by someone who knows what the requirement is, they may be less than effective in the hands of someone who is just looking for a quick tick in the box.

How is GDPR affected by cyber security?

The law requires personal data to be protected “by design and by default” (Article 25 of the UK GDPR).  This means that cyber security requirements must be designed into your processing from the outset, not bolted on afterwards.  This could mean at least another 6 or 7 policies and procedures.

How can I keep track of all my PII holdings and keep it secure?

When we are first approached by a prospective client and begin our 30-day free trial to examine their requirements, one of the first things we find is that they don’t know what data they are holding, or where it all is.  Oh, they have a general idea: it’s on the cloud server(s), it’s not on laptops or desktops, it’s just the stuff we need to process our clients’ requirements, and yes, we’ve only got one copy.  Then we install our software, which first carries out a discovery exercise, and we discover that their laptops and desktops are holding lots of copies of the data that is on the cloud server(s).  How does that happen?  Over time, especially with many now working a hybrid pattern between the office and remote (home) locations, employees log on to the cloud, find they have a bit of a shaky internet link, download the data they need, work on it and then upload it again, forgetting to delete it from their machine.  Or they need to share it, so they attach it to an email and send it out, forgetting, or perhaps not realising, that the data is now also stored, attached to an email, on their email server (and in the recipient’s mailbox).

Then comes the issue of audit trails.  If the ICO ever wanted to carry out an investigation, having an audit trail of who created, copied, deleted or forwarded what, and to whom, is essential.  And let’s not forget the member of the public who is fully entitled to submit a Data Subject Access Request (DSAR), which requires you to reveal what data you are holding on that person.  The law insists on it, normally within one month, and you can’t simply refuse it.  I know of a financial firm that took nearly 3 weeks to satisfy a DSAR, taking an employee off billing for that time.
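The discovery exercise described above and the DSAR problem are the same job seen from two angles: find every copy of a file, and find every file that mentions a given person. As an added illustration (this is not H2’s discovery software, and not code from this page), the example below builds a tiny constructed estate in a temporary folder, a “cloud share” and a “laptop” with a forgotten download, then hashes every file to find byte-identical copies, flags files containing UK-style PII patterns, and lists the files that mention a named data subject. The folder names, file contents, names and numbers are all fictitious assumptions for the illustration.

```python
"""PII discovery and DSAR search over a file tree.

Added example, not H2's discovery software.  Everything under
SAMPLE_FILES is constructed; the people, numbers and paths are fictitious.
"""
import hashlib
import os
import re
import tempfile
from collections import defaultdict

# Constructed mini-estate: a cloud share and a laptop with a forgotten copy.
SAMPLE_FILES = {
    "cloudshare/clients/tenant-application.txt":
        "Applicant: Jane Example\nEmail: jane.example@example.com\n"
        "NI number: AB123456C\nSort code 12-34-56 Account 12345678\n",
    "cloudshare/clients/landlord-agreement.txt":
        "Landlord: Sam Sample\nEmail: sam@example.org\nDOB: 1970-01-01\n",
    "laptop/Downloads/tenant-application.txt":   # downloaded, never deleted
        "Applicant: Jane Example\nEmail: jane.example@example.com\n"
        "NI number: AB123456C\nSort code 12-34-56 Account 12345678\n",
    "laptop/Desktop/notes.txt": "Lunch with the team on Friday.\n",
}

# Simple UK-flavoured PII patterns; a real tool would use many more
# (passport numbers, dates of birth, card numbers with Luhn checks, ...).
PII_PATTERNS = {
    "ni_number": re.compile(r"\b[A-CEGHJ-PR-TW-Z]{2}\d{6}[A-D]\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "sort_code": re.compile(r"\b\d{2}-\d{2}-\d{2}\b"),
}


def build_tree(root, files=SAMPLE_FILES):
    """Write the constructed files under root."""
    for rel, text in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def discover(root):
    """Return (duplicates, pii_hits).

    duplicates: sha256 -> sorted relative paths, only where >1 file shares it
    pii_hits:   relative path -> sorted names of PII patterns found inside
    """
    by_hash = defaultdict(list)
    pii_hits = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            by_hash[sha256_of(path)].append(rel)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            hits = sorted(k for k, p in PII_PATTERNS.items() if p.search(text))
            if hits:
                pii_hits[rel] = hits
    duplicates = {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}
    return duplicates, pii_hits


def dsar_search(root, subject_terms):
    """Relative paths of files mentioning any of the subject's identifiers."""
    terms = [t.lower() for t in subject_terms]
    matches = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read().lower()
            if any(t in text for t in terms):
                matches.append(os.path.relpath(path, root).replace(os.sep, "/"))
    return sorted(matches)


def run_demo():
    """Build the constructed tree in a temp dir and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_tree(root)
        duplicates, pii_hits = discover(root)
        dsar = dsar_search(root, ["Jane Example", "jane.example@example.com"])
    return duplicates, pii_hits, dsar


if __name__ == "__main__":
    dups, pii, dsar = run_demo()
    for h, paths in dups.items():
        print("duplicate content:", paths)
    for path, kinds in pii.items():
        print(f"PII in {path}: {', '.join(kinds)}")
    print("files to disclose for DSAR:", dsar)
```

Hashing catches only exact copies; a file that was edited after download will not match, which is why the PII scan runs independently and why, for the DSAR, the search is by the subject’s identifiers rather than by file identity. Run over real laptops the same two lists answer the two questions the ICO and the data subject will ask: where are the copies, and what do you hold on this person.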

Are there solutions suitable and affordable for SMEs?

We have a solution that meets the requirements and, not only that, has a built-in encryption system, all within the same monthly cost.  It’ll cost you nothing to trial it, and we’d be very surprised if, once you’ve seen it and seen the ridiculously low monthly charge for the managed service, you don’t want to keep it.

Check it out at https://hah2.co.uk/gdpr-data-protection/

Business Continuity Planning

How many SMEs have a business continuity plan in place should they be subject to a cyber-attack that seriously disrupts business, to the point where you can’t process an order, raise an invoice or get in essential supplies?  It happens, don’t kid yourself, and business continuity is not the same as disaster recovery.  The two are closely related concepts that are often used interchangeably, but they serve different purposes within an organisation.

Business Continuity refers to the proactive strategies and plans put in place to ensure that essential business functions can continue in the event of a disruption or disaster. This could include natural disasters, cyber-attacks, power outages, or any other event that could disrupt normal business operations. Business Continuity planning typically involves identifying critical business processes, implementing redundant systems and processes, and developing communication plans to ensure that the organisation can continue to operate smoothly in the face of adversity.

Disaster Recovery, on the other hand, is focused specifically on restoring IT infrastructure and data after a disaster has occurred. This could involve recovering lost data, restoring systems and networks, and ensuring that IT operations can resume as quickly as possible. Disaster Recovery planning typically involves creating backup systems, implementing data recovery procedures, and testing these plans regularly to ensure they are effective.  Both are critical components of a comprehensive risk management strategy and should be integrated into an organisation’s overall resilience planning efforts.

In general, your insurers and the IT support company you have under contract should be able to help you with disaster recovery, which is often triggered by a physical disaster (fire, flood etc.) as well as by a cyber-attack.  Business continuity, on the other hand, requires much more thought and planning.

In essence, then, business continuity is the ability to recover quickly and continue operating when there has been a serious disruption to the business caused by equipment failure, power outage, fire, flood or any other type of disruption (man-made or otherwise).  Business continuity may be achieved through resilience, which is an essential part of system architecture and goes hand in hand with business continuity planning.  Resilience considers the business impact and the corresponding plans to restore business functionality after a disruptive event.  However, as many SMEs have carried out no real risk assessment and have no real risk management plan in regard to cyber security, it is unlikely that they have a system architecture robust enough to take account of this requirement.  The exception is that the majority have taken to cloud computing, which goes some way to achieving resilience, although that was probably not their primary reason for going down that road.  It is worth remembering, though, that the cloud provider’s resilience covers their infrastructure, not your data: a ransomware infection that encrypts synced files, or a compromised admin account that deletes them, is replicated to the cloud just as faithfully as everything else, so you still need your own backups and a tested way to restore from them.

There are four elements that are essential to the business continuity component of the security operations function:

  • Business impact assessments (BIA)
  • Disaster recovery planning.
  • Business recovery planning.
  • Plan testing and analysis.

Arguably the most important is the BIA: developing an understanding of what would happen to the business if it lost its systems, and with them access to critical data and the ability to function efficiently, should a disaster overtake you.  For each critical process that means deciding how long you could do without it and how much data you could afford to lose (the recovery time objective and recovery point objective), because those two numbers drive every recovery decision that follows.

These are the issues all business owners should get to grips with and here at H2 we understand that it isn’t easy, and that advice and guidance is necessary.

Phishing – as much a problem today as it’s ever been

Think phishing is old news? You won’t believe why it’s still the number one nightmare for CEOs and business owners.

Ever find it odd that phishing, an old trick in the cyberbook, keeps CEOs awake at night? Guess what, it’s not budging from that top spot.

Here’s the deal: cyber villains always stay ahead. If you develop a shield, they craft a spear. They’re all out to make your employees act impulsively, falling into traps on all communication fronts.

Ever thought about arming your business against phishing, without the tech jargon? Let’s discuss uncomplicated, everyday measures to secure your digital turf.

1. Training: Educating your team about phishing scams is the first step. A well-informed team can spot such scams.

2. Double-checking: Emails from ‘official’ sources often aren’t. Encourage your team to verify before replying.

3. Regular updates: Keep your systems and software updated; updates often include security fixes.

Phishing is a persistent threat, but with the right non-technical measures, your business can uphold security. Ready to fortify your cyber defences? I’m here to help.

Questioning the effectiveness of your cyber defence is valid. But to provide any assurance about your training methods and protections, we need to monitor and measure.

Here at H2 we set great store in crafting solutions for SMEs that are appropriate to them and, as such, very affordable.  We know how difficult it is to keep up with everything going on around you; it can be an absolute nightmare, and you are going to be laser focused on your core business.  We believe we have come up with a service that is very affordable and that provides SMEs with the protections they need, in an appropriate way.

In the dynamic world of cyber security, staying ahead of evolving threats requires a comprehensive approach that adapts to the ever-changing landscape. At H2, we recognise that one-size-fits-all solutions often fall short, which is why we’ve married together two solutions, which we fully manage, to address the needs of our clients.

Our approach is grounded in sound risk management principles, ensuring that our solutions are aligned with your specific cybersecurity requirements. Whether you need one or more of our solutions, we can tailor a solution that meets your exact needs and budget.

We offer a fully managed Security Monitoring and Data Protection (GDPR) service that provides the following:

  • External and Insider threat detection.
  • Ransomware protection.
  • Data Leakage Prevention.
  • Data privacy and compliance.
  • Inbuilt encryption capability.
  • Automated cyber awareness training programme.
  • Vulnerability Assessment.
  • Phishing simulation.