ICT security covers a large area, from basic antivirus to real-time protection, cloud-based control, and scanning third-party media. Keeping software and communications secure and up to date is key to avoiding a cyber incident. We can review your devices and their protection options, and advise on other measures to limit security breaches. These include acceptable use policies for staff, with practical measures to control data loss. In these days of ransomware, having practical, timely recovery plans is essential. SMEs should review the advice from NCSC.
The Cyber Essentials standard has been around for some time and is well worth achieving. There are many authorised companies that will do your certification for around £400 per attempt. To have a good chance of passing, they will recommend a detailed review and in the process will likely charge a lot more. In addition, you will have the cost of acting on the review, with possible new hardware, software, and communications, followed by another review. We brief you on the core of Cyber Essentials and Cyber Essentials Plus, which are roughly 50% paperwork and 50% practical actions. We can help you perform a shortened review to identify assets, procedures, documentation and weaknesses, and set out areas for cost concern. The DCPP site provides some documentation on how Cyber Essentials compliance works.
GDPR is there to protect people. To be GDPR compliant you need to focus on People, Processes, and Technology. There is no magic box you can buy and add to your network to become GDPR compliant. Cyber Essentials will speak to protecting your data from malicious attack as part of GDPR, and Microsoft has excellent toolsets to help with GDPR. We can advise on how GDPR may affect your current processes and advise on compliance options. The first step is an end-to-end review of all your data, followed by a RACI matrix.
Those looking to go for full ISO27001, or who are there already, will find that they still need some extra elements to be GDPR compliant.