Cyber Security

Managing the Cyber Security threat

Data has been described by The Economist magazine as the most valuable resource on earth – even more so than oil. Ensuring that your data is protected is therefore an extremely important part of any organisation’s objectives. This is especially so for any business that handles sensitive, personal, health, or financial data. For a small company that does not have a lot of resources to invest in sophisticated IT infrastructure and cyber defences, this problem of how to protect data is a difficult one to solve.


Inefficient processing of data, which in itself leads to a higher risk of a breach, is not only more costly but may also fall foul of prevailing data protection legislation in the form of GDPR. This can result in fines of up to 4% of turnover for such breaches. This unfortunate circumstance may be caused inadvertently by a lack of awareness and/or weaknesses in cyber security defences. In addition to these large fines, it can bring possible class action lawsuits from customers and irreversible loss of business reputation.

As a result, it is now becoming the norm when trying to win business to be asked for evidence of compliance with GDPR and proof of the controls that are in place as your defence against cyber attacks. This request may take the form of providing policies and procedures for GDPR, or formal accreditation for cyber security: Cyber Essentials and Cyber Essentials Plus.

We have helped companies win bids for business and achieve cyber security accreditation whilst ensuring that they are GDPR compliant. We have industry-qualified and accredited consultants.

A graphic illustrating various aspects of Cyber Security. Icons represent different elements such as Application, Information, Network, Operational, Encryption, Access control, End-user education, and Disaster recovery, with text labels below each icon.

A UK government-backed certificate. This provides a level of assurance to all stakeholders that there is an acceptable level of defences in place.

It is now mandatory for all central government contracts advertised after 1 October 2014 which involve handling personal information and providing certain ICT products and services. This means that any potential external supplier to the public sector will be unable to supply it without this certificate.

This is the most relevant for small companies that don’t process large volumes of sensitive data. Any company with a turnover of up to £20 million is entitled to free Cyber Insurance. This covers:

Liability: claims made against you arising out of media activities and privacy and security wrongful acts.

Event Management: costs, including emergency costs, following a data breach, including the costs of notifying data subjects. These might typically include payment for Legal, IT, Forensic & PR specialists.

Extortion Demands: ransoms and other cyber extortion.

Regulatory Investigations: defence costs & regulatory fines (where insurable by law).

Business Interruption: Loss of profit and / or operational expenses caused by a network compromise.

Loss of Electronic Data: costs of remedying the issue that allowed the loss or damage to your data and costs to replace, restore or update your data

Costs – external audit £300

  • Nationwide Presence

    26 national support locations throughout the UK. See Office Locations.

  • Fixed Fee Payments

    There are no hidden charges, and what you see is what you pay.

  • Free Gap Analysis

    Assess the difference between your business performance & your goals.

  • Audit Support

    Supporting businesses with upcoming compliance audits. FAST TRACK priority support also available.

  • Ongoing Support

    JVR offer Ongoing Support & Maintenance for peace of mind.

  • Customer Service

    Our customer reviews are a testament to our work & the results we achieve.

  • Experience

    Vast experience in developing compliant integrated management systems

  • Thorough Process

    We write procedures, policies & associated documentation.

  • Bespoke

    Our services are tailored to meet individual company requirements.

Gap Analysis Report - Request a Free Remote Assessment

Free Remote Gap Analysis

Book a Free Remote Gap Analysis during Covid-19 for your business. To learn more, why not read our What is Gap Analysis blog article and understand how a Gap report would benefit your company.

How do you assess your risk?

Cyber Security is undertaken by performing a risk assessment via a full audit with one of our specialists.

There are three main areas for this assessment:

  1. people
  2. process
  3. technology

Being the victim of a cyber-attack can result from weaknesses in any one of these three areas.

A cyber-attack is very serious for any organisation as it may well result in:

  • Fines from the Information Commissioner’s Office (ICO)
  • Potential class action from customers whose personal data has been lost
  • A loss in brand prestige due to the adverse publicity and potential loss of business

We can provide the following services on a competitive basis:

  • Data Protection & GDPR Advice
  • Data Protection & GDPR Audits
  • Cyber Security Audits & Advice
  • Data Breach Management
  • Subject Access Request Management
  • Information Management Consultancy
  • Cyber Essentials Accreditation
  • ISO 27001 Accreditation
  • Cyber Essentials and Cyber Essentials Plus accreditation
  • Data Protection Officer (DPO) as a Service
  • Data Protection and Cyber Security Training & Awareness – all staff levels

For a thorough insight into the impact of a cyber attack on your business and how you can prevent it, please contact our certified advisory team on 01628 56 52 56.

Cyber Attacks

A recent cyber attack hit the US “law firm to the stars”, which was attacked by ransomware: https://www.infosecurity-magazine.com/news/law-firm-to-the-stars-confirms/. The hackers are now demanding US$42 million to release the firm’s data and systems, and have even encrypted its backups so that the firm can’t use them or get its operating systems back on.

Also the middle company of the National Grid here in the UK (ELEXON)

“The company that facilitates payments on the U.K. electricity market, tracking the trade between those who produce electricity and those who supply it and resolving the differences, has fallen victim to a cyber-attack. Elexon is at the center of the balancing and settlement system, working with Great Britain’s National Grid Electricity System Operator (ESO) to keep the lights on. The lights didn’t go off across the U.K. as a result of this cyber-attack, but internal IT systems and laptops at Elexon went dark.”


The data from the security companies and the number of recent ransomware incidents show a dramatic escalation for a type of attack that, just a few years ago, was mostly directed at individuals, who had to pay only a few hundred pounds to get their files back. Now, this type of attack can see ransomware demands of hundreds of thousands or even millions to have systems and data released. At Travelex UK, for example, the hackers demanded £4.6 million. (The hack has affected major banks including Lloyds, Barclays and Royal Bank of Scotland, all of which rely on Travelex for their foreign currency for their travel money service. This service is currently suspended.) That’s because these larger organizations have far better security to protect data than most SMEs, so imagine.

It isn’t a matter of “if” or “when”, but, as your company is being hacked, how can organizations respond to and manage the cyberthreat landscape? As Brian Krebs, one of the world’s leading cybersecurity journalists, said at our recent event, “everything gets hacked!”, with businesses and IT professionals needing to start accepting the “depressing reality”. The proliferation of data breaches continues to surge. According to Cybersecurity Ventures, a data breach occurs every 14 seconds, down from every 40 seconds in 2016, and by 2021 will occur every 11 seconds.

With the current pandemic, the problems have not gone away for many organizations and IT departments; on the contrary, they have escalated. No organization is exempt from the threat, not even the World Health Organization (WHO). Flavio Aggio, Chief Information Security Officer, reports that cyberattacks on it (the WHO) have doubled in recent weeks, including an attempt to steal passwords belonging to WHO agency staff.

Moreover, cybercriminals are taking advantage of the opportunity to scam, hack and cause chaos across the digital landscape. There has never been a time like the present for organizations to analyse their information resilience across areas such as cybersecurity, information management and privacy, security awareness programmes and compliance with regulatory requirements.

So, what should organizations do if they have a data breach?

Here are six important stages of a data security or data privacy breach. This will help enable incident response teams to proactively detect, manage and provide remediation to enhance their state of information resilience.

  1. Preparing for a data breach: Have you put the right governance structure in place, with the correct resources and tool sets?
  2. Identifying a data breach: Can your team respond to security alerts and determine if there has been a potential incident and ultimately a data breach?
  3. Containing and eradicating a breach: Are there plans in place with the right resources to stop a data breach?
  4. Recovering from a breach: How quickly can you restore operations to business-as-usual?
  5. Post incident review: Are you systematically reviewing and identifying improvements from each incident?
  6. Lessons learnt from a breach: Are you successfully implementing lessons learnt across the business?

Our team of trusted advisors can support your organization’s capabilities to respond to breaches at any time. Find out now how we can help keep your organization secure, safe and sustainable during these vulnerable times.

Achieve Accreditation and Compliance with JVR

JVR Consultancy was formed in the year 2008 and their head office is based in Windsor and Maidenhead. We noticed that there was a gap in the market, for companies who work in the construction, rail, utilities, oil and gas sector who were not fully supported in the way that they could be when it came to industry compliance and certification. That is why our highly experienced team of compliance consultants can serve these sectors by providing over 135 years of combined experience with all compliance needs. In short, you won’t find anyone else who cares as much, or who tries as hard as we do.

Speak with one of our experienced consultants. At JVR, we know that time is precious, and you want the answers to your questions quickly, especially during an audit! Once we speak with you for the first time over the phone, we need around 10 minutes to fully evaluate which accreditation you need support with and to get a brief introduction to you and your company.

Matt Whiteman
