How to build your security castle with cyber certification


Let’s talk about the basics of cyber security.

When you think about cyber security you probably think of hackers, insidious bits of software, and malware. Although that is part of the picture, it’s not the whole canvas.

Picture your security like a castle

The analogy I have come across to explain how to approach information security for your business is to consider your information security like a castle you have built to protect your business. If your castle is going to protect you, the greatest concern is not the highest point of the wall but the lowest point. Anybody trying to break into your castle will obviously try and find the easiest way in.

So when you look at cyber security for your business your first thought should be “where is the weakest part of my defences?”

Cyber certification can protect your weak spots

A good place to start in protecting your defences is with cyber certification.

Let’s take the example of Cyber Essentials, a well-known security standard used here in the UK. The process of completing Cyber Essentials will simply help you understand where the low points are in your defences and what you need to do to build them up to a reasonable height. Although the process can take a while, the principle is as simple as that!

I’ve spoken to many business owners about improving their cyber security and one of the common objections that I’m given is “My business is too small for a hacker to worry about, nobody is going to bother attacking me”.

Unfortunately, that’s not the case. The Government Cyber Security Breaches Survey 2021 showed that four in ten (39%) businesses reported having cyber security breaches or attacks in the last 12 months. Of these, 1 in 5 lost money, data, or other assets, and one-third reported a negative impact on their business.

Businesses of all sizes are vulnerable to cyber attack

Hackers have a wide array of automated attack tools at their disposal and don’t need to put much effort into any individual attack.

Time for a shift in metaphor! The best way to imagine this is by comparing a little shrimp to a hungry whale. The shrimp might think it’s too small for a whale to be bothered with, and as an individual shrimp that is true. But that’s not how whales feed. They don’t eat one shrimp at a time; they open their huge mouths and swallow thousands in one go.

This is what your business looks like to a hacker. They will simply find the weakest point of your cyber defences and use that to gain entry.

Once your business has come under attack, several things can happen next, none of them good.

  • Your business data may be encrypted and you will have to pay a ransom to get it decrypted.
  • Your data may be stolen and you’ll have to pay a ransom to stop them from releasing it to the public.
  • They may get in touch with your suppliers or customers pretending to be you and make fraudulent transactions, and so on.

Essentially, there are a large number of bad outcomes for you in the event of a cyber breach, and the survival statistics for unprepared businesses make for pretty gloomy reading.

Now you may be thinking “but I have good anti-virus software and email filtering in place already, I’m pretty secure”. Again, that’s not necessarily the case. The most common weak points in business defences are related to people and processes. Examples would be:

  • Shared accounts
  • Easily guessed passwords
  • Passwords used for multiple accounts

My advice to all businesses is to make sure you have some level of cyber certification whether it’s Cyber Essentials or something more robust.

If you would like to discuss what options there are to protect the information and data in your business, I would be happy to have a chat.
