The Cyber Resilience Centre for Wales (WCRC) is fortunate to work alongside excellent cyber partners that help small businesses become Cyber Essentials accredited to further build effective defences against online threats.
We’re delighted to welcome Stable, a Cardiff-based IT consultancy and resourcing specialist, to our network! Here’s where you can learn more about the company, what Cyber Essentials is, the changing cyber landscape and Stable’s tips for boosting small business security.
Can you explain what Cyber Essentials is?
Cyber Essentials is a digital security baseline for organisations. It helps protect against common cyber-attacks by building a digital toolkit, whilst also painting a clear picture of an organisation’s security level. It’s a valuable step toward enhancing cyber resilience and it’s a practical step toward a safer digital environment for a business!
Why did you want to join the WCRC’s network of Cyber Essentials Partners?
Joining the WCRC as a Cyber Essentials Partner allows us a fantastic opportunity to work with some of the best cyber security companies in Wales and give us the chance to share our knowledge with businesses who need it most. Working closely with the other partners will allow us to share best practice and continue to develop ourselves, and each other, to ensure we are at the forefront of tackling cybercrime across the country.
What would you say are the main benefits of Cyber Essentials accreditation for small businesses?
Cyber Essentials accreditation offers several key benefits for small businesses:
Enhanced Security: By following the Cyber Essentials guidelines, small businesses can strengthen their cyber security defenses. This helps protect sensitive data, prevent breaches, and reduce the risk of cyber-attacks.
Customer Confidence: Having Cyber Essentials certification reassures customers that your business takes security seriously. It demonstrates your commitment to safeguarding their information and builds trust.
Competitive Advantage: Certification sets you apart from competitors. Potential clients and partners may prioritise businesses with Cyber Essentials accreditation, especially when considering security-sensitive projects.
Government Contracts: Some government contracts require Cyber Essentials certification. By obtaining it, small businesses can access a broader range of opportunities.
Risk Mitigation: Implementing the recommended security controls reduces vulnerabilities. Small businesses can proactively address risks and minimise potential damage from cyber incidents.
What three tips would you give a business with little knowledge of cyber security?
Train Your Team: Educate your employees about cyber risks and safe practices. Regular training helps them recognise phishing emails, avoid suspicious links, and protect sensitive data.
Assess Risks: Conduct a risk assessment for your business. Identify potential vulnerabilities in your networks, systems, and processes. Understanding your weak points allows you to prioritise security measures and allocate resources effectively.
Multi-factor Authentication (MFA): Implement MFA wherever possible and be proud of it. It adds an extra layer of security by requiring users to provide multiple forms of identification to access accounts. This significantly reduces the risk of unauthorised access. Sometimes, MFA adoption can be challenged by users but showing a sense of pride around your security adoption from the top level of the business will go a long way. Introduced last year (Jan 2023), MFA is now a requirement for all users of an organisation, in addition to administrators, if a business hopes to achieve Cyber Essentials.
What do you see SMEs struggling with in terms of cyber security?
Understanding of cost and the preconception that an expensive dedicated resource is required to improve cyber resilience.
In relation to point one above, the challenge should be making all members of staff recognise that cyber security awareness is the responsibility of everyone within the company and not just the IT department or those in more tech-focused roles.
Lack of awareness regarding data governance and management of risk (this has been identified by the Cyber Innovation Hub as a learning need (The future of cyber starts here - Cyber Innovation Hub)
Lack of awareness of cyber threats and the emerging threats posed by AI, specifically sophisticated social engineering techniques.
One of the main barriers from moving from on-prem to a modern cloud-based infrastructure for example is often put down to the lack of knowledge regarding the security around it. Increased cloud security awareness is key here.
How does the level of Cyber Essentials awareness from 2001 when Stable launched compare to today?
Since 2001 the threat landscape has matured in some areas but has presented fundamental gaps in others, for example:
Email in 2001 was the most common form of digital communication. Thus phishing attacks and malicious attachments were the most common form of attack.
a. Macros in Word and Excel – remember those?
2. Brute force password attacks were commonplace due to the lack of MFA
3. In the early 2000s anti-virus tools were more an advisory than a default accepted norm among
businesses and consumers.
a. Would anyone these days dare have a device that does not have some minimal protection?
b. Policies were either advisory or based on analog methods
4. Since around 2005 the threat landscape has widened at a frantic pace; Always on devices – not just
trusty desktops and internet of things (IOT) etc. Not to mention the explosion of social media.
Understanding and awareness is improving largely due to media coverage and our increased
dependence on digital tech in our daily lives. for example:
a. B2B – in some interactions CE awareness is now a recognised requirement as a passport
to conduct business
b. Though still a lot to do – an understanding of social engineering as an attack vector is evident
but much more assistance is required in this area not least because of the emergence of AI
What is Stable looking forward to the most about working with the WCRC?
An opportunity to be part of a close network of companies who share the same values and drive will be fantastic. In an ever-changing world, working together will allow us to ensure we remain joined up to protect businesses throughout Wales.
Finally, what is your favourite landmark or view in Wales?
So many to pick from! It’s the most beautiful country in the world! The entire drive up the west coast is incredible. From St Davids right up to the Llŷn Peninsula, there’s nowhere quite like it and the number of stunning views and photos opportunities is incredible.
Interested in becoming Cyber Essentials certified? The WCRC is here to help you get started, so do get in touch to receive further information.
We also offer affordable security awareness training for small organisations with 10 or less employees and run sessions for larger teams too, so please contact us for more details and to request a quote.