We are frequently asked a number of Cyber Security FAQ by business owners that approach us for Cyber Security solutions for their SME or SMB. The Cyber Security FAQs below are typical of the kind of questions that we get asked, which is pretty much what you’d expect from a FAQ section on a cyber security website! If you have further questions, or would like to arrange a free demo of our services, then please get in touch.
Well, you probably carry out risk assessments, whether formal or not, everyday as part of your business activities. Is this new customer a risk? Can I afford this new piece of machinery or will not having it hurt the business? Should I take on this new applicant? Etc Etc. Cyber is no different. Marrying up the threats with knowing how vulnerable you may be to those threats, and applying that to your assets, gives you a risk score. Unless you have this information to hand, you can’t formulate a strategy to deal with it. We have several articles in our News and Blog section, to help guide you.
This has long been an issue, not just with SMEs but also with much larger companies who really should know better. Cyber security is a business issue, not an IT issue. If you get hit with a cyber attack or data breach, it’s not your IT supplier that gets hurt, it’s your business. The vast majority of SMEs can’t afford, or in fact need, a full time cyber professional, and often, neither can your IT support company. Buying in expertise only when you need it, makes sense. Again, we have articles about this which can explain more.
We recognise that SMEs don’t have a bottomless pit of money and can’t afford to spend on things that aren’t their core business. But ask yourself this; how long do you think you could survive without your IT systems if you were subject to a cyber attack? We have devised protections at some really affordable prices, with you in mind.
The Cyber Maturity Assessment or CMA, is a stand alone project that is carried out to assess exactly where you stand in regard to cyber security, taking into account people, process and then, technology. It measures your current position against an industry standard Cyber Maturity Model and then compares that result to a pre-agreed point on the model, that you would wish to reach. Once that is done a fully costed plan is produced to remediate the gap, in a way that suites your priorities and budget.
A very well regarded cyber security expert, Bruce Schneier, an American scientist working out of Harvard Univeristy, says that if you think technology can solve our security problems, then you don’t understand the technology and you don’t understand the problems. Harsh? Perhaps, but a considerable amount of the controls, ie those things we put in place to reduce our risk exposure, are in fact procedural rather than technical and therefore our processes and policies need to reflect that. It is also vital that our people understand the issues they face.
In this context, an asset can be many things. They are usually considered to be data, ie an individual piece of data, or a whole database. They might equally be a critical application, a critical piece of hardware or software, or indeed a person (if that person does not have a deputy and is vital to the operation of your IT systems). Assets will differ from company to company and it needs careful thought, but what is necessary is that they are identified and registered. H2 offers a way to automate that to a large degree.
Yes we do. We can either provide classroom based training on site, or we can provide it online over Zoom, Teams or any other technology you might prefer.
We are not just a supplier but a partner to our clients, taking an holistic view of their cyber security and data protection issues. We recognise that there is no such thing as a one size fits all solution. Some clients have a focus on data protection, given the nature of their business, whilst others are more concerned with preventing issues such as financial loss due to scamming. What is clear is that they all share the same issues, in slightly different proportions. By combining our two flagship solutions, and putting a managed service wrapper around them, we can fully provide that holistic service we are so proud of.
We are very cognisant of the issues faced by SMEs and that pricing is often at the forefront of their concerns. We therefore have, for the most part, a monthly pricing structure that allows clients to pay out of revenue instead of capital expenditure, if they so desire, with pricing done per seat, on a 30 day rolling contract, although some services and products, notably anti-malware and access management, are sold on a 1-3 year contract, as directed by the vendor and over which we have only limited control. Whilst we are prepared to sell product licenses, we much prefer to provide a fully managed service to provide the holistic approach talked about above, recognising that many security products are ineffective without underpinning expertise to evaluate the results.