Tried, Tested and Proven

The Cyber Security Challenge UK is a series of national competitions, learning programmes, and networking initiatives designed to identify, inspire and enable more EU citizens resident in the UK to become cyber security professionals. As part of the learning programmes aspect of their brief, they are holding regional cyber days.

Recently I went to support one of their regional events. In this case “regional” meant all the way out in Zone 6 on the Metropolitan line!

The event was aimed at local small businesses, inviting them to come along and hear about what they can do to be more secure online and avoid being a victim of cyber- crime.

The main presentation was by Richard Bach the Assistant Director of Cyber Security at The Department of Business, Innovation and Skills. He spoke about the government’s new Cyber Essentials scheme and the five security controls that need to be in place for any business wishing to have a more secure posture. These five are:

1/ Boundary Firewalls and Internet gateways

2/ Secure Configuration

3/ Access Control

4/ Malware Protection

5/ Patch Management

However, informative though his presentation was, the main take away of the event for me was from the Q&A at the end when people asked “what is a patch?” (click here for the answer)and “who needs to be PCI compliant?”(click here for the answer) Many were on old platforms that are now unsupported and didn’t plan to upgrade. For small firms and sole traders the whole arena of cyber security seems very daunting and expensive. The Cabinet Office have made some efforts to get the message across to a non-techie audience through their campaign called Cyber Street Wise but clearly a lot more needs to be done. On the one hand HMG is determined to embed Digital by Default as the way to do business going forward. On the other it wants to procure more government services from SMEs to support small businesses. The problem is that most small businesses probably aren’t secure enough to qualify as a supplier to HMG. Technically the Cyber Essentials scheme is already supposed to be mandatory for government suppliers. Clearly there will have to be a transition period for this.

Outside of the public sector, before too long most large organisations in the private sector will insist on cyber essentials or some other acceptable demonstration that a supplier is security compliant. If small business owners bury their heads in the sand on this issue, no matter how small the company; it will soon be very difficult to do business at all without passing a basic security health check. As an approved provider of Cyber Essentials, the team at Portcullis certainly have their work cut out, if we are to help the small business community become more security compliant.

Blog by Clive Room

Click here for further information on the Cyber Essentials scheme.