Introduction
All the information below is contained within the website but we thought it might be useful to summarise it in one post to make it easier for people who want to understand what we are all about.
About myself and H2
I like to start any discussion by saying that I’ve been in the cyber security game almost since before it was a game! I started in Information Security at the MOD at a time when IT and databases were in their infancy and got in on the ground floor. I subsequently went to work for the NHS, HP/HPE, CSC and Symantec, during which time I led many major cyber security projects in the public and private sectors, designing and commissioning the Security Operations Centre for the FCO, carrying out several projects for the MOD, leading the security team for the new online passport application, as well as several high street banks.
In 2013 I was asked to go to the Middle East to set up a Cyber Security team covering the UAE, Bahrain, Saudi Arabia, and Qatar, growing the team from 3 people to 24.
On return my business partner and I set up H2 to serve the SME community. Sadly, my business partner did not survive the pandemic, and I am now the sole management of the company.
So why SMEs? Surely there’s more money in corporate security?
Well yes there is, but SMEs are at the heart of our ethos. During our time working in the corporate sector, it became clear that there was little to no support given to SMEs, either at the S, or the M end of the scale, and the big security companies and system integrators were content to leave that to their resellers, i.e. those local IT support companies that resold their products.
Here at H2 we understand that the only real difference between an SME and a corporate organisation, in terms of cyber security, is that of scale. We have therefore scaled our services, the products that support them, and our pricing, to fit with an SME’s issues and pocket. We like to say that we offer a triple A service providing solutions that are Appropriate (to you), Affordable and Accreditable (to standards such as Cyber Essentials).
Take a look at our Blog and social media posts. We try to inform and educate, placing a link between what we know, and what SMEs need to know but are rarely told.
Solutions Provided to SMEs
The first thing that we discovered is that SMEs have a very poor grasp of cyber security issues, although that is changing following the pandemic when many were forced to change their working practices almost overnight and have subsequently embraced a distributed working model. There is no doubt that the propensity for working from home, or other remote locations, since COVID has introduced some very difficult, or at least challenging, security vulnerabilities into SME networks. For instance, prior to the pandemic, when they were 100% office based (except perhaps some mobile salespeople), their local IT provider will have almost certainly set up what we called the bastion security model, i.e. like a castle, a bastion, you had a wall around you, and for belt and braces, you also had a moat. The gateway was robust, had a drawbridge and portcullis, or let’s call it a secure firewall and anti-malware system. Everything was locked up inside and nice and secure (in fact it probably wasn’t but that’s for another day).
Whilst Microsoft didn’t invent the term the ‘new normal’, they were the first, I believe, to apply it to IT, following the enforced change in working practices brought about by the pandemic. Many companies have embraced this new normal and have settled into some form of hybrid working. Of course, this is nothing new, it’s been ‘a thing’ for years now, certainly in corporate organisations. The real change came about in SMEs for whom it really was quite revolutionary. Corporate bodies will have spent a lot of money on a variety of remote access systems to keep their data secure, whilst SMEs not only had to rush unprepared because of the pandemic, but they simply didn’t have the budget to employ more secure connections.
What the pandemic has done is change that, or perhaps arguably, accelerated the change to a more distributed way of working, already underway in corporate organisations but now common amongst SMEs.
Our first challenge then was that of education. Changing the mindset of SMEs, moving them away from being simply technology focused, onto a more business oriented cyber security focus. Cyber security is a business issue, not a technical issue and that is something that many SMEs fail to grasp. Any true cyber security professional takes a risk managed approach, identifying the risks posed to their client, and then applying the principles of People, Process and then Technology, in that order. That risk managed approach is equally applicable to all sizes of organisation in all sectors and has not changed since the advent of the internet.
Taking the services we provide as shown clearly on our website (where pricing is shown), www.hah2.co.uk, the first is that of Board Advisory, where we offer advice and guidance to our clients regarding their security. We often end up providing this advice for free as we are putting forward solutions to solve their issues but there is of course a limit to that. We also offer a Cyber Maturity Assessment (CMA), which is close to a full risk assessment but tries to keep the costs down to an order that an SME can afford. The CMA is fully described on the website, and we won’t reprint that here.
Another service we provide is Penetration Testing and Vulnerability assessment. Pen Testing is a point in time test, i.e. the minute you finish it and have read the report, it’s out of date. It is however useful to do once a year or when you add a new feature to your systems, or take a new system into use. We use a fully qualified CREST team who can, if you wish, also carry out attack simulations.
Vulnerability assessments are carried out continuously via agents deployed on the network. The main difference is that, whereas a Pen Test will find real issues, a vulnerability assessment will find things that you may be vulnerable to, but which haven’t necessarily been exploited and in fact, may not be a real issue once investigated. They are, however, continuous throughout the year and can be more effective.
We talked earlier about People, Process and then Technology. Arguably your first line of defence is your people. They can also be your weakest link. Data leaks often occur inadvertently, due to a lack of awareness rather than malicious intent. We offer cyber awareness training designed to equip your team with the knowledge and skills to safeguard sensitive information.
This training can be delivered in one of 2 ways. The first is classroom based, either on site or over a remote connection such as Zoom or Google Meet. The second is online training provided via another of our solutions which will be described below and allows staff to pick when they will take some time to undertake the training, which is delivered in a modular fashion, taking up very limited time which won’t take staff away from their desks for too long.
Another very important service which we provide online, cloud based, using a SaaS solution, is aimed at Data Protection. Clients with large amounts of sensitive data that they wish to protect, use this solution. It is essentially a data loss prevention system that is designed and priced for SMEs, using state of the art file level encryption. This system comes with a 30-day free trial so that clients can see it for themselves.
Based on Actifile it is tailored to the unique needs of the modern business which often sees its staff work remotely as well as in the office. It protects the valuable data you hold and reduces your risk, without breaking the bank. It covers:
In the dynamic world of cybersecurity, staying ahead of evolving threats requires a comprehensive approach that adapts to the ever-changing landscape. At H2, we recognise that one-size-fits-all solutions often fall short, which is why we’ve developed a flexible and scalable cybersecurity solution powered by Guardz, to address the needs of our clients.
Our approach is grounded in sound risk management principles, ensuring that our solutions are aligned with your specific cybersecurity requirements. Whether you need one or more of our products woven into a solution, we can tailor that solution to meet your exact needs and budget.
This complements the data protection solution whilst remaining capable of standing alone. Especially devised and priced for SMEs, it maintains our commitment to affordability and accessibility which is reflected in our incredibly competitive price of £12 per seat, which includes no hidden charges, add-ons, or expensive infrastructure costs. The solution comes with a 14-day trial to give you hands-on experience with our solutions and assess their impact on your business.
This solution comes with a fully loaded Cyber Security Awareness training course, and a Phishing simulation capability.
You should note that we have bundled the 2 managed services together and offer them at a price reduced by £3 per seat per month.
Finally, we offer certification in Cyber Essentials and Cyber Essentials Plus which provide robust defences, endorsed by UK government to guard against common cyber-attacks. They are required certifications to work with public sector entities, and achieving certification signals a commitment to securing client data.
We now offer different pricing options to our clients. For Cyber Essentials we offer:
Our Supported Package, whereby we guide you during your self-assessment, ensuring that you achieve certification first time, can be purchased at a one-off price which we are happy to quote for or a monthly subscription from £61 per month.
If you are short on time or not too sure what to do, try our Turnkey Package whereby we carry out the assessment for you in total, once again ensuring that you achieve certification first time. This can also be purchased as a one-off at a price which we are happy to quote for or there is a subscription price which starts at £120 per month.
We can offer consultancy around ISO 2700X if it is considered desirable or appropriate. We can advise on that.