When you are an owner or director of a company, you will have to face many challenges starting from employing the right people to protecting the sensitive data regarding the company, your workers, suppliers and clients, who buy products and services from you. Nowadays, data leakage prevention is essential in every business. Last week I touched on cyber security strategy, and I’ll expand on that a little more in a week or two, but I’ll just reiterate here that cyber security and data protection are inextricably linked, both practically and legally.  They apply equally to the large corporate entities and SMEs alike.  It’s purely a matter of scale.  So, let’s dive in and learn more about the security and data protection services that you may wish to consider, having first identified your risks and come up with what is called a risk treatment plan, ie a plan to remediate the identified risks to an appropriate level, taking account of the residual risk that your organisation finds acceptable.

Cyber Security Defence – What Are the Most Common Services?

The Insider Threat

There are a lot of actions that can be taken regarding cyber defence. You need to cover both external and insider threat detection. We need to simplify, and where possible, automate our responses and solutions.  The more complicated we make it, the more chance of it becoming a liability rather than a solution. The insider threat is one that is often misunderstood and in fact, often ignored.  It is one of the most fascinating and alarming aspects of cybersecurity! It refers to the potential risks posed by individuals within an organisation who have access to sensitive information and can misuse it for personal gain or to sabotage the company. These insiders could be employees, contractors, or even business partners who have intimate knowledge of the company’s processes and systems. It’s like a real-life spy thriller unfolding right within the walls of your own organisation! The challenge lies in identifying and mitigating these risks before they cause serious damage. It’s an adrenaline-pumping game of cat and mouse that keeps cybersecurity professionals on their toes!  It is important to note that many insider threats come not from any intended action by an employee, but rather a mistaken action taken by an employee who didn’t know they shouldn’t do whatever it is they had done.  It’s a primary reason why cyber awareness training is so important.  I can’t stress enough how important a comprehensive campaign of such training is.

To protect against insider threats you need, as well as awareness training, a good mix of procedural and technical security.  You need a sound access control policy that clearly lays down how to onboard an employee, what access to allow, and how to protect against employees gaining privilege they don’t need and shouldn’t have.  That policy should also cover off-boarding when an employee leaves.  Here at H2 we have partnered with Cyber Elements to provide solutions to provide the correct provisioning in an easy to administer way.

External Threats

These are the threats that everyone thinks of when the subject of cyber security comes up.  It can be very easy, such as identifying and blocking a virus, or it can be very complex. It all depends on the size and range of the problem. For example, ransomware protection. We have partnered with Platinum-HIT (UK) to provide the HDF concept.  This provides a unique approach to anti malware and provides a good level of ransomware, and indeed, phishing, protection. On any computer system, data is stored either as non-runnable information data or runnable application programs. Malware is a type of runnable program with undesirable behaviours. HDF prevents malware infection by stopping malware program files from being stored and run on a computer. Simply put, if a program can’t run, it can’t infect your system.  This does require a period of examination of your system to identify what does need to run, to run the business, and that is provided within the product.

We have introduced a fully managed proactive cyber defence solution that complements our data protection solution, described below, whilst remaining able to stand alone, in the unlikely event that the data protection element is not required.

In the dynamic world of cybersecurity, staying ahead of evolving threats requires a comprehensive approach that adapts to the ever-changing landscape. At H2, we recognize that one-size-fits-all solutions often fall short, which is why we’ve developed a flexible and scalable cybersecurity solution powered by Guardz, to address the needs of our clients.

Our approach is grounded in sound risk management principles, ensuring that our solutions are aligned with your specific cybersecurity requirements. Whether you need one or more of our solutions, we can tailor an approach that meets your exact needs and budget.

I talked earlier about the symbiotic relationship between cyber security and data protection, which of course includes data leakage prevention, data privacy and compliance. Once again, we have this covered.  Our data protection solution is very comprehensive and looks not just at the technical, but also at the procedural aspect of data protection, from providing a virtual data protection officer, to writing and/or reviewing your policies and processes, to identifying where your data actual is, what it’s status is ie sensitive or non-sensitive, and provides the ability to encrypt the sensitive data in order to reduce your risk.  If you have a data leak and the data is encrypted, then you are significantly reducing any risk.

Summary

All cyber security defence solutions are designed and implemented in collaboration with the client, during a trial period that consists of between 14 and 30 days, depending upon the solution. All actions can be performed remotely and online and there is no requirement for us to be on site, thus reducing time and expense.  Additionally, all solutions are based on SaaS and therefore there is no expensive infrastructure or hardware requirements and being cloud based, it provides the additional advantage that it can monitor and protect end points regardless of where they are, in the office, on the move, or at home.

What’s the advantage of using a cyber defence managed service?

This will differ company to company, and some will have more of an issue, certainly regarding the protection of what is known as Personally Identifiable Information or PII, as defined in the Data Protection Act 2018.  Each must decide what their threshold is for residual risk, ie what risk is acceptable to them, once protections have been put in place.

Professional cyber security staff are, currently, difficult to source.  There is a global shortage of experienced personnel.  They are also expensive to employ.  You could also argue that there isn’t a full time job for more than one or two, in many organisations.  It therefore makes both operational and financial sense, to outsource at least some of your security operations.