The government's popular Cyber Essentials Scheme helps you and your employees guard against the most common cyber threats around at the moment, proving your commitment to great cyber security. If your people aren't qualified yet, this is the perfect time.
October is Britain's National Cyber Security Awareness Month, a whopping 55% of UK businesses say they suffered cyber security issues in the last year, and hanging onto data is more fraught with risk than ever before. It's complicated. Welcome to our world!
Keeping cyber-life simple - Are you keeping data when you don't need to?
Toxic data is a big deal. But what does it actually mean and are you vulnerable? Toxic data usually refers to data you've collected without consent from the people concerned, and that brings with it a risk of fines and penalties under the GDPR 2018. But 'toxic' can also mean data that you've kept just in case you might need it later. Did you know that simply hanging on to data without having a good use for it can leave you in big trouble? Worse still, the longer you keep it the worse the mess toxic data can get you into.
All data is not valuable, and there's no reason why it has to be kept or maintained. You may be able to ditch some of it without even reviewing it. Some diligent businesses go as far as deleting general business information and emails every three months because they recognise the information in emails could actually be more risky stored than thrown away.
Luckily the GDPR lays out exactly what you need to do with data, how long you can reasonably keep it, and how to get rid of it safely, securely and legally. One thing is certain: keep collecting data, stash it, don't clean it or get rid of it, and your financial liability could eventually prove very painful indeed. Maybe even a business-killer.
Data compliance is tricky for us all, whether we run a large or small business. A recent survey of marketers reveals 71% agreeing that data compliance nightmares would be detrimental on their companies’ ability to conduct cross-border business. So what's your best bet? It's relatively simple. Only collect the data you actually need, use it the way you said you would, and get rid of it the moment you've finished with it.
Have you thought about Cyber Essentials qualifications for your employees? Now's the perfect time.
Jobs for the girls – A dramatic hike in female cyber security applicants
As reported by the Evening Express, it's fantastic to see so many girls applying for cyber security courses, a hike of 50% in just one year. Bearing in mind we highlighted the lack of female players just a few months ago, it's great news and goes some way towards equalling the field.
According to the National Cyber Security Centre, part of GCHQ, the nation has seen a big increase in females on its CyberFirst summer courses, a hike of 47%. But there's more. Overall applications for the course have also gone up since last year, by an impressive 29%. It matters because we urgently need to increase and diversify our cyber security workforce, and addressing the gender imbalance is crucial to that goal. At the same time The Institute of Coding said around 10% of young people are put off the tech sector thanks to a lack of diversity and equality, with 70% of the 16 to 18 year olds asked showing concern that the digital tech sector is run entirely by 'white men'.
Welcome to National Cyber Security month
55% of UK businesses were targeted by cyber-criminals in the past 12 months, up 15% on the previous year. Now National Cyber Security Awareness Month is here, a good way to remind organisations like yours to evaluate their cybersecurity and take action to stay safe. It's incredibly important these days when a cyber-attack is more of an inevitability than something theoretical. If you haven't considered it yet, you need to find out how to strengthen your company's IT security and stop potentially devastating attacks.
Employee awareness is at the top of the agenda again, and not for the first time. 21 years after Google set up shop, many of the technologies we work with on an everyday basis still come with risks attached. And people remain the biggest risk as far as cyber security is concerned. That's no bad thing, since humans can be taught new things and their ignorance can be patched!
No matter how many layers of protection IT teams put in place, all it often takes to get into a system and trash it is one unwary employee opening a phishing email and clicking on the link. Every employee should be up-to-date with the latest security protocols and processes, since the human element is always the hardest to control. At the same time there's trouble in plenty of boardrooms because Directors don't fully understand how crucial good IT security is and may be reluctant to fund training and tools to prevent attacks. It's clear that cybersecurity should be given a top position on the executive agenda.
Application security is sometimes treated as an afterthought, if at all. Security is rarely embedded direct to the fabric of IT networks. The balance between the user experience, security, and affordability is out of whack. And one of the most effective things an SME can do to stay safe is enable multi factor authentication. Again, it isn't rocket science. While there are countless complex and expensive ways to protect systems, and tools you can buy, multi factor authentication is the best, available for a couple of decades and still not widely enough adopted.
Many of the larger data breaches we see these days involve attackers using stolen user data to access systems. It presents a significant problem for IT security but again it's not impossible to resolve. While an attacker using valid data looks like any other user, changes in the way the data is used can clearly reveal an attack. Sadly IT security people often fail to make the connection, being too busy or unable to make sense of the data. User and Entity Behaviour Analytics (UEBA) helps.
All this sits against a landscape where cyber-security is one of the most exciting sectors to work in, a place that's constantly changing, endlessly challenging and incredibly varied. But almost three million essential cyber security job vacancies remain empty. What will it take to get everyone working together, train everyone up, and keep the businesses of the future safe?
If you’re thinking about a career in cybersecurity, this month is the ideal time to kick-start your career, or change tack in your existing one. If your company hasn't given their staff Cyber Essentials certification, it's a great time to arrange that, too. The Cyber Essentials Plus scheme goes even deeper. Which will you choose? Let's talk about the best qualifications for you and your people.