Cyber security struggles: where to go for help

Author
Dakota Murphey
Business Growth Consultant
30th September 2019

Cyber security is one of the most important challenges facing businesses today, but sadly many fail to get even the basics right. Thankfully, however, there are a variety of organisations to turn to for help, support and advice in this area. Here are the key ones to help improve your business’ cyber security posture.

The NCSC

The first place many UK businesses go to for assistance is the National Cyber Security Centre (NCSC) – a part of GCHQ. This is a government organisation that provides free advice and offers a wealth of practical information and guidance across a range of subjects, such as password security, vulnerability management, incident response and cloud security.

For example, many businesses struggle with securely configuring their Office 365 environment – so the NCSC has published a dedicated advisory on the subject. Additionally, the NCSC releases a Weekly Threat Report, which helps businesses to stay up-to-date with the latest attacks and online scams. So, no matter what kind of issue a company would like help with, the site can provide a useful initial insight to improve understanding.

The ICO

There are many reasons to improve your business’ cyber security, and one of them is regulatory compliance. It is essential that organisations of all sizes implement appropriate security controls and procedures to meet the latest standards. Failing to do so could result in a penalty and/or a fine. The Information Commissioner’s Office (ICO) is an independent public body that reports directly to Parliament. It has many responsibilities, but some of the most crucial are upholding information rights and enforcing compliance with regulations such as the General Data Protection Regulation (GDPR), the Privacy and Electronic Communications Regulations (PECR) and the Network and Information Systems Regulations (NIS).

The ICO’s website is a very useful resource pertaining to all aspects of data regulation.

The IISP

Having recently been granted royal charter status, the Chartered Institute of Information Security Professionals is an important professional body for security professionals. The organisation is not-for-profit, and aims to improve and advance professionalism and working practices within the industry.

The IISP holds regular events across the country and these provide a brilliant opportunity to network with cyber security peers and to seek out advice from those with specialist knowledge.

The website of the organisation is another useful resource for businesses, helping anyone to keep up-to-date with the latest news and insights.

A Virtual CISO

Many larger organisations employ a dedicated person responsible for establishing and coordinating information security. This may be a Chief Information Security Officer (CISO) or a Head of Security – and they will typically be a highly experienced and qualified individual.

However, in smaller organisations it is often a struggle to employ someone in such a position. CISOs, for instance, can command very large salaries. It is for this reason that enlisting the support of a Virtual CISO has become popular. A Virtual CISO is a senior cyber security professional who may work for a business on a consultancy basis and can be called upon to carry out risk assessments, assist with overall security strategy, and mentor internal staff.

An MSSP

A Managed Security Service Provider (MSSP) is an organisation that specialises in providing advice and support to companies that need to improve their cyber security posture. MSSPs provide a wide range of services, including cyber security monitoring and management, as well as vulnerability assessments.

A business will use an MSSP not only for its specialist knowledge and skills, but also to bridge the shortfall in cyber security professionals. Outsourcing cyber security can also be far more cost effective.

There are many types of organisations providing managed security services so it is vital for a business to research the best type for its needs. If an organisation lacks an in-house security team and technologies, for example, it may need to consider a Managed Detection and Response (MDR) service, which provides a complete turnkey solution to help prevent, identify and rapidly eliminate threats.

It is important to remember, then, that there is plenty of good advice around if you need it. Cybersecurity has become a critical issue for businesses around the world, so be sure that you are making use of the wealth of information available.
