There used to be two - death and taxes. There is now a third - cyber security incidents.

This may either be (more likely) through accidental loss of data rather than a targeted attack or security breach.

The science of Information Security is like and onion, you start with the basics, peel back a layer, and hey presto! there are more details to consider.

You can get to your preferred level of security (acceptable to you) relatively easily (also know as 'security posture' or 'risk appetite'). This risk is based upon the value of the information you are sharing either with friends, colleagues, peers, business partners, a supply chain contractor, or the public internet. This may be via email, a web page, or a Cloud based Software-as-a-Service (SaaS) platform such as Microsoft 365, Google Workspaces, or Salesforce to name a few.

These may include shared documents, photo's, music, or more sensitive information such as financial, legal or health related records.

Now technology companies are very good at protecting your information however, the risk to you, your business, reputation, or brand relies solely on you (make sure you have local backups of everything).

Large businesses and enterprises have this (pretty much) wrapped up with large teams of IT security experts on hand 24/7 to plan, monitor, and react accordingly to any security breach that may occur, and they will!

But what about the smaller operation or start-up, how can they be protected?

Well the good news is there is a UK* approved scheme called Cyber Essentials which posed around 70 questions to ensure your business is in the best shape to prevent the most obvious cyber security issues of the day. This can either er be through self assessment or via a professional partner, many of whom can be found online.

The cost is not onerous and, once passed, a certificate is issued and valid for a year. Your company is also registered on a list of Cyber Essential suppliers for your (prospective) customers to check and you can add marketing logo's to your emails and brand literature.

There is an advanced scheme called Cyber Essentials Plus which offers an external test of your business IT systems exposed to the Internet for an additional fee.

I would strongly urge any company to have Cyber Essentials as a minimum; this shows to your customers that you are doing the right thing by them in protecting their data properly and offers a commercial advantage against your competitors.

For UK customers, the NCSC have a new scheme for Cyber Month to apply for a free Cyber Action Plan - just head over to the web site https://www.ncsc.gov.uk/cyberaware/actionplan to apply.

*CISA in the USA also has a scheme called Cyber Essentials and the Australian ACSC has the Information Security Manual (ISM). Other countries have similar schemes for small to medium businesses/enterprise (SMB / SME).

If you have found this informative then please leave feedback - I'd love to hear from you?

Keith #learnsafecyber https://learnsafecyber.co.uk