Viewing archives for cybersecurity

Learning from Travelex

Due to a cyberattack, Travelex, the world’s largest foreign exchange bureau, has been at a standstill for more than a fortnight. The reputational and financial impact on the company and its senior leaders will be severe. New laws and regulations, like GDPR and NY Shield, mean that such breaches can no longer be swept under the carpet, and the commercial damage will be compounded by huge fines.

Travelex is a wake-up call to all businesses. In today’s cyber-risk environment, maintenance of your basic IT infrastructure and services is critical to remaining profitable and even staying alive. You may be wondering: if a giant like Travelex gets hacked, how can a mid-market company protect itself? It’s less complicated than you might think.

When we engage with clients, we talk about ‘getting the basics right’. A fundamental part of that is making sure the IT infrastructure and services are fit-for-purpose and up to date. If the basics aren’t right, then there’s no hope of looking at ways to use technology to grow the business and get ahead of the competition.

To provide you with a head-start, here are your first nine priorities:

  1. Prioritise systems maintenance. All systems and services, particularly those that are connected to the outside world, must be kept up to date with the latest software patches. The IT team or your Service Provider must review and update systems in a regular, controlled manner.
  2. Review your backups. Many malware infections encrypt your data and hold it to ransom. Frequent backups reduce the chance of you losing everything. A regular complete backup of data stored somewhere with no connection to your systems – what’s called an air-gap – will greatly limit the damage of an attack.
  3. Get a penetration test. Get a reputable security company to undertake an external penetration test of your systems and services. Resolve all the concerns raised in the results. Find your vulnerabilities and patch them before hackers find them for you!
  4. Earn a certification. Spend some money, usually less than £10k, on earning the Cyber Essentials Plus certification. The process involves making your technology secure, and we’ve seen clients win new business after being certified.
  5. Lock down your data. Each individual in your business should only have access to the data they need to do their job. This minimises the risk of data loss should they leave with it or accidentally click a malware link. Allowing employees wide-ranging access to data is asking for trouble.
  6. Invest in protection. Keep the bad guys out with well-configured firewalls, anti-spam email systems, malware detection software, and pro-active Day-0 protection systems.
  7. Get some insurance. Cyber insurance covers the losses resulting from a cyberattack. It can also aid with the management of the incident itself, particularly reputational damage and regulatory enforcement. Crime insurance covers the loss of money due to theft, fraud or dishonesty and includes theft of money by hackers. Add these two insurances to your portfolio as separate policies, not just add-ons to existing business insurance.
  8. Train your staff. Your employees are the most vulnerable security point in your business. The more they know what to look for and what to do, the better your chances of avoiding an attack. Training is essential for all new starters, and it needs regular refreshing for the whole business – including you!
  9. Plan for the worst. Even with all the above nailed down, you still need to be ready for the worst. Sit down with your top team and discuss potential disasters and plan your way out of them. Who would be in charge? Who is authorised to make major decisions on the spot?

Will Travelex survive this attack? Who knows – the reputational and commercial damage may be terminal. But by following these nine steps, you can avoid that fate for your own company.

For more information see our Knowledge Centre about Cybersecurity.

Freeman Clarke is the UK’s largest and most experienced team of part-time (we call it “fractional”) IT leaders. We work exclusively with ambitious organisations and we frequently help our clients use technology to beat their competition. Contact Us and we’ll be in touch for an informal conversation.

Cyber, Legal, Compliance … How a CEO Can Sleep Soundly

It is not an exaggeration to say that most days we meet companies who have been hacked, their reputations damaged, and money lost. Successful websites can be juicy targets; ransomware can bring a company to a standstill.

Many companies have demanding standards and huge contractual penalties imposed on them by their customers. And the law is tighter than ever, with big fines making headline news.

The cyber threat makes many CEOs of mid-market companies feel exposed and uncertain. These are complex issues, your time is short, and finding a simple commercial and strategic approach can feel difficult.

But there are simple strategic steps, and this document describes the basic projects to make your business secure and compliant.

You might also find 13 key steps to cyber security for non-technical Board members relevant and interesting. Here is a short video about cyber security & compliance strategy for non-technical Board members.

You can also visit our Knowledge Centre which includes all content related to this topic.


CEO’s Briefing on IT Risks, Compliance and Security

No doubt you worry about growing your business and being successful, but as the business grows and becomes successful, protecting it against risks becomes a new source of worry!

New concerns range from compliance with Data Protection regulations, to ensuring the business will survive a climatic event, to falling victim to a cyber attack that destroys all your data.

This document covers compliance, data management and data protection including DPA (Data Protection Act), GDPR, ICO, PCI (credit, debit and payment cards), FCA and related topics. It explains practical cyber security protection measures to prevent attacks, viruses, hacking, data theft, data leaks, cyber insurance, cyber crime, ransomware, phishing. It also makes reference to backups, system failure, risk management, risk registers, risk and issues logs. It makes particular reference to SME and mid-market companies and specific sectors like life sciences, pharma, defence, builds and construction, legal and accounting, transport, supply. It provides independent advice on anti-virus, patching, IT security experts and IT suppliers, and firewalls. The document covers passwords, audits, audit trails, cyber insurance, security accreditation like Cyber Essentials Plus, and how to get started.

You may like to visit our Knowledge Centre which includes all content related to this topic.

If you’d like to discuss how Freeman Clarke could support your business Contact us now for a no-strings conversation.


Graeme Freeman
Co-Founder and Director
