
EASYLIFEIT™ CYBER SECURITY AUDIT

James Allison

TOO MUCH TO DO, TOO LITTLE TIME

It’s hard work running an SME.  Limited time.  Limited resources.  Ever growing burden of regulation.  It can be difficult to know what to prioritise.

One useful tool for setting priorities is to evaluate risk using a simple five-step approach:

  • Identify all possible risks facing your business
  • Rate the likelihood of that risk becoming reality using a scale of 1 – 5 (with 5 being the most likely)
  • Rate the impact on your business if that risk became reality using a scale of 1 – 5 (with 5 being the most severe)
  • Multiply your ‘likelihood’ and ‘impact’ scores together.
  • A score of 15 or more represents a high risk. Prioritise taking steps to reduce that risk score.


I DIDN’T REALISE HOW MUCH I RELY ON MY IT SYSTEMS

Most businesses rely very heavily on IT systems. The impact of an event such as a loss of the internet to an office is typically felt very quickly. If it goes on for more than a few hours, the impact on business continuity can become severe, often starting to affect service to customers.

The sheer number of possible events which could have consequences for systems illustrates why IT invariably scores 15 or more in a risk analysis:

  • Cyber crime (e.g. virus, ransomware)
  • Power failure
  • Hardware failure
  • Loss of internet
  • Illness amongst key staff
  • Loss or theft of data
  • Damage to premises e.g. fire
  • Financial failure of a key supplier

CYBER CRIME – A DOUBLE THREAT

Cyber crime is an obvious threat to business continuity. A ransomware attack, for example, where malicious software gains access to your systems and threatens to wipe your data unless you pay a ransom to the criminal, can cause severe disruption and financial pain.

However, it is potentially a data protection threat as well. The General Data Protection Regulation (GDPR) came into force on 25th May 2018 amid much hype and no little confusion about what businesses should be doing. If a cyber attack has resulted in unauthorised access to your systems, it is very likely this would also be considered a “data breach”. And if that data breach has resulted in personal data about your staff or customers being compromised, then you now have a data protection problem to deal with as well as a business continuity issue.

THE LINK BETWEEN GDPR AND CYBER SECURITY

A key pillar of GDPR is the “security principle”. This states that you should process personal data securely by means of “appropriate technical and organisational measures”. The aim is to guard against unauthorised or unlawful processing, as well as against accidental or unlawful loss, destruction, alteration, unauthorised disclosure of or access to personal data.

The Information Commissioner’s Office (ICO), the body responsible for enforcing data protection legislation in the UK, advises the following in respect of steps businesses should be taking:

  • Consider things like risk analysis, organisational policies, and physical and technical measures
  • Measures must ensure the ‘confidentiality, integrity and availability’ of your systems and services and the personal data you process within them
  • Measures must also enable you to restore access and availability to personal data in a timely manner in the event of a physical or technical incident
  • Ensure that you have appropriate processes in place to test the effectiveness of your measures, and undertake any required improvements

What the guidance does not explain is exactly how to implement all of the above.  This has left some businesses wondering what practical steps to take.

IS THIS GOING TO BE EXPENSIVE?

The guidance from the ICO is that actions have to be practical, but this does not necessarily mean expensive. The ICO is clear that businesses can consider the state of the art and costs of implementation when deciding what measures to take. However, whatever measures you take must be appropriate both to your circumstances and the risk your processing poses.

One of the fears many businesses have over GDPR is the significant increase in the maximum level of fines available to the ICO. However, it is worth noting that the ICO is not required to impose fines, even in the event of a data breach. In making their assessment of appropriate action, they must take into account a number of considerations. These include the degree of responsibility the data controller or processor took in terms of the technical and organisational security measures they implemented.

Implementation does not necessarily have to be expensive. Additionally, the investment in good data safeguarding has the added incentive of potentially reducing the size of a fine from the ICO, or removing the risk of one completely.

IF YOU ONLY DO ONE THING, DO THIS

Cyber Essentials is a government-backed cyber security certification scheme that sets out a baseline of cyber security suitable for all organisations.  Although there is no requirement within GDPR to achieve Cyber Essentials, it is nevertheless a structured and well-recognised scheme which gives clear evidence that an organisation is taking its system security seriously.  It fits well with an overall objective of taking sensible steps to reduce business continuity risk whilst complementing what needs to be done for GDPR compliance.

Cyber Essentials requires businesses to complete a questionnaire and provide evidence to demonstrate that they meet minimum standards around the following key themes:

  • Password-based authentication – to ensure users are who they say they are
  • Firewalls – to ensure only safe and necessary services can be accessed from the internet
  • Secure configuration – to reduce the level of vulnerabilities such as running untrusted programmes on devices such as PCs
  • User access control – so that only users who need access can gain access
  • Malware protection – to prevent harmful software from causing damage or accessing sensitive data
  • Patch management – to ensure that devices and software are not vulnerable to known security issues for which fixes are available

Meeting the Cyber Essentials requirements will not guarantee any organisation complete safety from cyber crime. However, it will help to reduce the risk. Furthermore, it can be recognisable evidence to present to the ICO and your customers that you take information security seriously.

Further details about Cyber Essentials can be found via this link:
https://www.easylifeit.com/it-services-for-business/easylifeit-security

EASYLIFEIT™ CYBER SECURITY AUDIT

EasylifeIT can help your organisation provide evidence of its effort and commitment to solid technical and organisational controls by facilitating and documenting a cyber security audit. Using the Cyber Essentials questionnaire as the framework, our consultant will work directly with staff members who have responsibility for your company’s IT infrastructure and data security.

The end result will be a gap analysis, providing a measure of the organisation’s current level of preparedness and the gaps (if any) which need to be addressed. This analysis will be provided in EasylifeIT’s report, which is included as part of the Cyber Security Audit. Following the Audit, you will be able to make an informed choice about whether you wish to go further and pursue external assessment to achieve full Cyber Essentials certification. If so, you will also have a clearer picture of the scope and the likely effort needed to get there.

DELIVERABLES

The programme of work typically takes between 1 and 2 days, depending on the size of your organisation. The programme comprises:

  • A site visit by a Cyber Essentials qualified EasylifeIT consultant to conduct the gap analysis, working directly with nominated representatives from your company
  • Production of a written report of findings and recommendations arising from the site visit

BENEFITS

  • An independent analysis delivered by qualified and experienced professionals
  • An action plan from which to build and maintain evidence of commitment to good data privacy and security practice

 

JAMES ALLISON

STRATEGIC IT CONSULTANT. EASYLIFEIT NORWICH
JAMES IS AN EXPERIENCED AND VERSATILE BUSINESS PROFESSIONAL WHO HAS WORKED ACROSS MULTIPLE SECTORS. HE PROVIDES COMPLEMENTARY SKILLS TO EXECUTIVE TEAMS, ADVISING ACROSS A RANGE OF DISCIPLINES INCLUDING IT STRATEGY, BUSINESS CONTINUITY PLANNING AND IT PROJECT MANAGEMENT.

 
