Key signs that your business may be vulnerable to cyber attacks

One of the crucial determinants of success and profitability in SMEs is having a loyal customer base. Building loyalty and trust with your customers starts with ensuring that sensitive information about them is protected and safeguarded from cybercriminals or hackers. SMEs have long been targets of cyberattacks. However, the situation has worsened over the years, mainly due to the widespread use of the internet, which has created more exploitable avenues for cybercriminals.

Compromised systems can lead to unprecedented losses for your business. Therefore, it is important to be adequately prepared to prevent and deal with cybercrime levelled against your business. While there are many indicators of a vulnerable system, here are some of the signs you should watch out for as part of the preparation to secure your business from potential hacking.

Slow connection

A weak and slow internet connection could be a sign that your system is already under a distributed denial of service (DDoS) or denial of service (DoS) attack. When your connection starts to chug along, the sluggishness could be due to system overload caused by an attack. Your operating systems also become slower while programs take longer to start.

System crash

The constant crashing of programs is a strong sign that you may be under a cyber-attack. While crashing is also commonly caused by technical problems, some of them are attributed to malware attacks. In case of such issues, it is advisable to seek a reliable and effective security solution from a trusted provider.

Frequent pop-ups

Pop-up windows are annoying but can also be a sign of system vulnerability. Some of the pop-ups are spyware in disguise and may originate from unsafe downloads, replies to particular emails, and clicking suspicious links.

Excessive and suspicious activity

It may be time to consider the possibility of a cyber-attack if you see suspicious and excessive activity in your system even when your business has not used the hard drive for a substantial period. Just like crashing, suspicious activity may also be caused by different factors, such as hardware problems. Nevertheless, such activity should not be ignored. It is essential to monitor all activity on the drive as well as the consumption of space.

Disabled programs and restricted access

When vital security features such as antivirus seem to be disabled or fail to update, you may be experiencing a severe cyber-attack. Hackers have devised malware tools that not only disable security solutions but also block your access to some sections of your computer, such as the control panel.

Generally, understanding the signs of a vulnerable system is the first step towards protecting your business from cyber-attacks. Other indicators that you may need to look out for are unauthorised homepages, automatic starting of programs, and constant error messages. 

Starling Marketplace welcomes CyberSmart

We are very happy to announce that CyberSmart Active Protect is now available in Starling’s Business Marketplace, launching in the brand new category of Security.

Starling’s approach to business banking hasn’t gone unnoticed and is experiencing exponential growth, already with 65,000 customers and a target of 450,000 by 2023, as well as winning “Best Business Banking Provider” at the British Bank Awards 2019. The challenger bank is on a mission to make business banking accessible, with a simple, seamless experience for SMEs, very much like CyberSmart’s approach to cybersecurity and compliance.

CyberSmart and Starling share the compelling vision to transform their industries, making accessibility, trust and agility a core part of their offerings. Today marks another step towards that journey by bringing financial health and business health into a single view within the Starling app.

The inclusion of CyberSmart Active Protect in the business marketplace allows Starling’s business customers to take their cybersecurity and compliance to the next level, with a seamless registration process, straight from the Starling app. CyberSmart Active Protect makes it possible for Starling’s business customers to more easily achieve cybersecurity in line with government cybersecurity standards such as Cyber Essentials, protect and ensure compliance across all their company’s devices 24/7 and mitigate 99.3% of cyber threats.

“We’re very excited to be bringing CyberSmart Active Protect to the Starling business marketplace. From the beginning of CyberSmart, our focus has been on protecting and empowering SMEs. They are often left behind when it comes to cybersecurity and compliance, due to the complexity and high fees. We think everyone deserves to protect their data and reputation. CyberSmart will allow Starling business customers to secure their business, get government certifications and achieve continuous compliance, affordably and with minimum effort. The synergy between Starling’s and CyberSmart approach to empower SMEs makes our companies working together, a very exciting and beneficial partnership.” – Jamie Akhtar, CEO, CyberSmart

Starling business customers can now add CyberSmart Active Protect directly from the Starling Marketplace. Should you have any questions, our team is here to help: just click on our live chat or contact us.

How long do you have to respond to a Subject Access Request (SAR)?


The ICO (Information Commissioner’s Office) has updated its guidance (August 2019) on the timescale for a Subject Access Request (SAR). But what is a SAR? And how long do you have to respond to one? 

What is a Subject Access Request (SAR)?

Under the General Data Protection Regulation (GDPR), anyone can request a copy of the data an organisation holds on them. The request can contain any of the following:

  • Why the data is being processed 
  • What type of data it is
  • Who any recipients of the data are
  • The length of time the data has been stored
  • How the data was collected
  • How the data is being safeguarded

Unlike the original legislation, which allowed for a £10 upper limit, it doesn’t cost anything to lodge a SAR.

How long do you have to respond to one?

You must respond to a SAR within one calendar month*, and this includes the day you receive the request. For example, a request received on the 3rd of September requires a response by the 3rd of October. If you’d like more detail, check out the full guidance here.

The limited timescale to respond demonstrates how important it is to ensure the data you collect is well-stored, easy to manage and secure. Without these safeguards, a SAR can quickly turn into a painful, time-consuming process. Worse still, it could lead to a GDPR fine (up to 4% of annual global turnover or €20 million, whichever is greater).

To help demystify the process, we’ve put together a six-step approach to addressing a SAR.

*If the end date falls on a Saturday, Sunday or bank holiday, the calendar month ends on the next working day.
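The deadline rule above, worked through in Python as an added example (not from the ICO or the original article). The bank-holiday set is constructed sample input that the caller would supply, and using the last day of a shorter month when there is no corresponding date is an assumption that follows the ICO's guidance rather than anything stated on this page.

```python
import calendar
from datetime import date, timedelta

# Constructed sample input: callers pass in the bank holidays that apply to
# them. These two England and Wales dates are here only for the demo.
SAMPLE_BANK_HOLIDAYS = frozenset({date(2019, 8, 26), date(2019, 12, 25)})


def one_calendar_month_after(received: date) -> date:
    """Return the same day number in the following month (3 Sep -> 3 Oct).

    Assumption: if the following month is shorter and has no such date
    (31 Jan -> "31 Feb"), the last day of that month is used instead.
    """
    year = received.year + received.month // 12   # December rolls the year
    month = received.month % 12 + 1
    last_day = calendar.monthrange(year, month)[1]
    return date(year, month, min(received.day, last_day))


def sar_deadline(received: date, bank_holidays=frozenset()) -> date:
    """Latest date for responding to a SAR received on `received`.

    The calendar month counts from the day of receipt. If the end date is a
    Saturday, Sunday or bank holiday, it moves to the next working day.
    """
    due = one_calendar_month_after(received)
    while due.weekday() >= 5 or due in bank_holidays:
        due += timedelta(days=1)
    return due


def days_remaining(received: date, today: date, bank_holidays=frozenset()) -> int:
    """Days left to respond; a negative number means the deadline has passed."""
    return (sar_deadline(received, bank_holidays) - today).days


if __name__ == "__main__":
    for received in (date(2019, 9, 3), date(2019, 7, 26), date(2020, 1, 31)):
        print(received, "->", sar_deadline(received, SAMPLE_BANK_HOLIDAYS))
```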

Are you looking to improve cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.


Back to School: Free tips and tricks to protect your business from cyber threats


All through September, we will be sharing free tips and tricks that you can implement straight away to ensure your organisation protects itself from cybersecurity threats.

Currently in the UK, 32% of SMEs experience cyber-attacks every year, a figure that is increasing, with costs running into the thousands of pounds. With a few preventive measures, it is actually possible for you to fight these threats. By implementing various techniques and strategies, using free tools and being aware of the main ways your business might be targeted, you can protect your business today.

Come back throughout September as we add more tips. It’s time to become CyberSmart.

1. Use Two Factor Authentication (2FA)

Adding an extra layer of security to your accounts can never be a bad idea. Many platforms now offer 2FA, where you either receive an SMS (least safe), receive an email (medium level of safety) or authenticate via an app (recommended). There are free and premium solutions available, such as 1Password, allowing you to enable higher levels of security and 2FA across all your personal and business accounts.

2. Time to have an app clear out

You know all those apps you have installed but never use? They should go. Apps that have been installed for months and not been updated could be full of vulnerabilities, waiting for a cybercriminal to exploit. When you delete these apps, make sure to delete your account and unlink any credentials.

3. Are your email details available on the internet already?

This can be a scary thought but more than likely, your email has been compromised before. With the introduction of GDPR, more and more companies are openly admitting cyber breaches. We recommend using haveibeenpwned.com to check if your email has been compromised in a data breach before. Simply enter your email, check for breaches and address the situation.

4. Are you really going to plug that USB in?

You should be extremely careful with USB devices. Even after formatting, malware can still be present so ensure you completely trust the source of the device or go one better, do away with using USB full stop.

5. Update, Update, Update

Updating your apps and software can prevent 85% of targeted attacks. Make your business safer by allowing all updates to be automated, so you don’t even need to think about it.

Make sure your operating system (on all your devices) and all applications are updated at all times. Updates are free, after all.

6. Always lock your devices

It’s often funny when you walk away from your computer to come back and find a funny background picture, right? During the time you allowed for that to happen your business could have experienced a catastrophic and business impacting data breach (and many other potential risks).

Always lock your screens, and make them only accessible by you.

7. Might be 2019, but that doesn’t mean Antivirus is out of fashion

Antivirus is a necessity for all your devices, desktop and mobile. Without an antivirus, you are putting your business at risk of those pesky viruses but also of Malware, lurking in the background, dormant or actively damaging your device. There are many antivirus options out there, some may even come pre-installed with your device, others with free and premium versions. There’s no excuse not to be using an antivirus.

8. Turn on your firewall

Most operating systems come with a firewall and there’s a very good reason for this. Ensure all your business devices have this on, as it’ll create a buffer zone between your network and the internet, a highly valuable preventive measure for cyber attacks.

9. Ransomware, sounds scary but what is it?

Ransomware is one of the biggest cyber threats your business faces as it encrypts ALL YOUR DATA and locks you out of your device. Then it normally requests a ransom payment of a few hundred pounds in order to give you a decryption key.

How do you protect yourself?

  • Backup all your data (often and in different locations)
  • Vital business information shouldn’t be only on your computer
  • Don’t click on emails from unknown senders (and NEVER access .zip files in emails from these senders)
  • Like we mentioned earlier, UPDATE your OS and apps
  • Have an antivirus installed

10. Do you know how to spot a phishing email?

Firstly, a phishing email is an attempt to collect your personal data, and more than likely you have come across one (or many) before.

  • Serious businesses will never display your email address in the subject line
  • Check out the sender and their email, try to spot how valid it is
  • You don’t have to open an email just because it instils some sort of urgency (the more urgent it may look, the higher the likelihood of a breach)
  • Always check links before you click.
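The checks in the list above, turned into a small triage script as an added example (not part of the original article). The urgency word list, the Reply-To comparison used to make "check out the sender" concrete, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed, non-exhaustive list of pressure wording; tune it for your own mail.
URGENCY = re.compile(
    r"\b(urgent|immediately|within 24 hours|suspended|final notice)\b", re.I)
# A domain name that appears in the visible text of a link.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def domain_of(header_value):
    """Domain part of the address in a From/Reply-To header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def same_site(host, shown):
    """True when the link's real host is the displayed domain or a subdomain."""
    host = re.sub(r"^www\.", "", host.lower())
    shown = re.sub(r"^www\.", "", shown.lower())
    return host == shown or host.endswith("." + shown)


def body_text(msg):
    """Decode and join every text part of the message."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def phishing_signals(raw_message):
    """Return the list of warning signs found in one raw e-mail."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    body = body_text(msg)
    signals = []

    # Tip 1: your own address shown in the subject line.
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    if recipient and recipient in subject.lower():
        signals.append("recipient-address-in-subject")
    # Tip 2: sender validity, here: replies go to a different domain.
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != domain_of(msg.get("From")):
        signals.append("reply-to-domain-differs-from-sender")
    # Tip 3: manufactured urgency.
    if URGENCY.search(subject) or URGENCY.search(body):
        signals.append("urgency-wording")
    # Tip 4: link text names one site, the href goes to another.
    collector = AnchorCollector()
    collector.feed(body)
    for href, text in collector.links:
        shown = DOMAIN_IN_TEXT.search(text)
        host = urlsplit(href).hostname or ""
        if shown and host and not same_site(host, shown.group(1)):
            signals.append(f"link-mismatch:{shown.group(1).lower()}->{host}")
    return signals


# Constructed sample messages (reserved .example domains).
SUSPICIOUS_SAMPLE = """\
From: "Example Bank Support" <support@examplebank.example>
Reply-To: collections@mail-verify.example
To: jo@smallbiz.example
Subject: URGENT: jo@smallbiz.example your account will be suspended
Content-Type: text/html; charset="utf-8"

<p>Please confirm your details within 24 hours.</p>
<p><a href="http://login.mail-verify.example/confirm">www.examplebank.example/login</a></p>
"""
BENIGN_SAMPLE = """\
From: Accounts <accounts@supplier.example>
To: jo@smallbiz.example
Subject: Invoice 1042 for August
Content-Type: text/html

<p>Your invoice is at <a href="https://portal.supplier.example/invoices/1042">portal.supplier.example</a>.</p>
"""

if __name__ == "__main__":
    print(phishing_signals(SUSPICIOUS_SAMPLE))
    print(phishing_signals(BENIGN_SAMPLE))
```

A message with no signals is not proven safe; the script only surfaces the signs listed above so a person can look more closely.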

11. Check back tomorrow


How Cyber Essentials standards added 20% to an MSP’s bottom line

Compliance standards are highly effective when providing security services as an MSP. Here we share a specific case, where one of our partners has managed to positively impact their bottom line by providing Cyber Essentials certification using the CyberSmart platform.

Golum IT, a London-based MSSP and security consultancy, faced a big challenge: clearly demonstrating the value of their added services to their customers. Despite using the latest technologies and having well-trained salespeople and account managers, the company found it difficult to showcase how much impact their work added to the cybersecurity of their clients.

Introducing monthly reporting

As an initial step, the company began providing extensive reports to its customers on a monthly basis. These reports contained an extreme level of detail about threats faced and preventive measures deployed. To Golum IT’s surprise, even the deepest of insights on the effectiveness of measures deployed, struggled to nudge the scepticism of their client base.

Ultimately it was identified that, besides skim reading over the executive summary, these reports remained largely unread; the problem wasn’t the level of reporting, but simply the complexity and sheer volume of information provided.

Introducing external benchmarks

In order to maintain a high level of transparency, whilst simplifying reporting, Golum IT decided to introduce external standards to measure the effectiveness of their work. Although basic on the surface, the Cyber Essentials standard, with its 5 control areas, provided “headings” for every measure in place. In other words, instead of reading through X pages of reporting, customers now receive a one-page report, outlining the alignment of the company’s security posture to Cyber Essentials and what can be done to improve.

Results

Initially there was concern that Cyber Essentials was perceived as too basic to be used as a benchmark. In reality however, the brevity and clarity of reporting was more important than the need for in-depth knowledge. Of course, in some instances customers have additional questions, however they are very specific and based on reports produced. 

By introducing these reports based on the CyberSmart platform, customers clearly saw and understood the value of its implementation, leading to more deployment and sign-ups of CyberSmart.

CyberSmart is now available on G-Cloud 11

CyberSmart has become an official supplier on G-Cloud 11, a major government procurement framework. 

G-Cloud, created in 2014 by the Crown Commercial Service and Government Digital Service, makes government procurement easier, transparent and much more efficient, reducing the usual lengthy procurement processes from weeks/months down to days. It is straightforward and well guided.

After making it through a rigorous tender process, which ensured our products and services fit in with the needs of G-Cloud, we were confirmed as a supplier from July 2019, ensuring cybersecurity compliance and assurance are easily accessible to everyone on the framework.

The framework allows the central government, local authorities, NHS Trusts, Ministry of Defence and other public sector bodies (including agencies and arm’s length bodies) to access a central website and purchase cloud-based services.

With CyberSmart Active Protect in G-Cloud 11, the tools are in place to ensure full cybersecurity compliance and assurance in public sector bodies and meet recognised cybersecurity standards across full organisations. 

From ensuring all devices are continuously compliant; to achieving certifications, often on the same day, such as Cyber Essentials, Cyber Essentials Plus or IASME GDPR Ready, the opportunity is now clear and much faster than before.

Jamie Akhtar, CyberSmart’s CEO, said: “Cybersecurity in the public sector is a matter of great concern, so we are happy to be able to provide our innovative platform and products, to support and safeguard key British organisations. Being included in G-Cloud 11 is yet another endorsement of CyberSmart’s platform, and is testament to our already successful and growing relationship with the public sector.”

Can you purchase via G-Cloud 11? See here for government guidance or contact us.

CyberSmart raises £1.3M VC funding to accelerate growth

We are happy to announce that CyberSmart has secured £1.3 million in new financing led by deep-tech investor IQ Capital, after two years in stealth mode. This funding will allow us to further accelerate our rapid growth, build next-generation technical capabilities and secure Britain’s future as a leader in cybersecurity.

CyberSmart’s core mission is to protect and empower SMEs, often the weak link in cybersecurity, but at the same time, the bread and butter of UK business landscape. CyberSmart’s platform and products allow any size SME, with or without technical resources, to protect itself and its staff, easily and affordably. The exciting platform is bringing cybersecurity standards to the masses, with millions of UK SMEs in its sights, a truly scalable cybersecurity solution.

CyberSmart is able to automatically check, fix and certify for Cyber Essentials compliance – a UK government cybersecurity certification. This is recommended by the Information Commissioner’s Office (ICO) and is increasingly required across supply chains in multiple industries. 

A Cyber Essentials certification is easily attainable via the CyberSmart platform, reducing the cost and resource typically required to achieve compliance to a matter of hours. SMEs are able to maintain 24/7 compliance across multiple devices, a considerable challenge for most SMEs. The product brings simplicity and scalability to a complex and manual process.

The London-based startup backed by IQ Capital and Seedcamp was founded by Jamie Akhtar and Mariella Thanner in January 2017. It uses cutting-edge technology and data science to assess and address a company’s cyber compliance and vulnerabilities. Designed to offer SMEs an innovative approach to compliance, it is being used by fast-growing businesses (Thriva, LiveSmart, Receipt Bank) and more established ones (Hitachi, The Supreme Court) alike.

CyberSmart helps organisations identify weaknesses in their information security practices and develop proactive strategies to address cybersecurity threats, thwarting up to 99.3% of cyber threats.

Commenting on the announcement, Jamie Akhtar, CEO of CyberSmart said: “Having been in stealth mode since 2017, through both GCHQ’s Cyber Accelerator and CyLon, we’re excited to be able to scale our operations and start talking about how we’re helping to protect our nation’s most promising businesses from cyber threats. This funding will enable us to achieve scale, within our home market and invest in enhanced technical capability.”

The fundraise was led by specialist deep-tech VC, IQ Capital. The firm recently raised a $300m fund to continue deploying capital to deep-tech and AI startups, offering unrivalled knowledge and solid strategic advice to its portfolio companies.

Kerry Baldwin, Partner at IQ Capital said: “CyberSmart is a superb example of the types of companies that IQ Capital invests in – deep tech startups with the potential for global scale. Cybersecurity is now at the top of the agenda at board-level for all data-rich businesses, however, few have proactive strategies in place to tackle the issue. CyberSmart is backed by the Government to help and certify businesses, and we are excited to be part of their growth journey.”

Commenting on the platform, Sally Blake, Marketing Director at Legal Edge said: “CyberSmart was recommended by our own clients who use the platform. They speak our language and are in tune with the requirements of SMEs. Their platform and processes were clearly explained and easily navigated and their responsive platform enables us to communicate and track our compliance activity. The team are extremely helpful, friendly and knowledgeable supporting you at every step of the journey.”

Founded in 2017 by Jamie Akhtar and Mariella Thanner, CyberSmart was selected, after a rigorous competition, to take part in the first GCHQ accelerator programme. From this, the companies were able to have access to government tenders and work with GCHQ’s international network of partners.

Every device. Every user. Everywhere.

CyberSmart has a bold mission to protect and empower SMEs. In order to do so, we need to provide continuous compliance through the entire organisation. This is no small feat, as today’s organisations have diverse systems and modern ways of working. We are extremely excited to announce the next big step in our journey is now live.

A mobile world

The world has gone mobile, and SMEs are more than ever, relying on their mobile phones and tablets to do business. After all, they are pocket-sized computers, connected to fast mobile networks, with all the applications we need to be productive. The smartphone has allowed us to get the most out of these devices including handling and storing sensitive data, processing payments and communicating with others.

The ability to carry such devices in our pockets is driving growth and efficiency on a scale not seen before, allowing SMEs to do business, anywhere, everywhere. But like any internet connected device, this is leaving users open to mobile security threats.

Every device. Every user. Everywhere.

CyberSmart Active Protect is already protecting thousands of devices for hundreds of organisations in the UK, and now that protection and assurance can be deployed on mobile devices. Our new mobile application brings the best of our desktop app to every device in your organisation, securing every user, wherever they are, so your business can focus on what it does best, with peace of mind.

CyberSmart Active Protect

Active Protect checks mobile devices are configured to the recommended security practices, as per the requirements of Cyber Essentials. It guides users on how to protect the device and themselves. It also supports policy distribution to make sure users comply with their company’s internal policies. As it’s an app instead of a profile, it supports both user-managed and corporate provided devices.


Why does my organisation need the mobile app?

  • Ensure all devices within the organisation are checked for compliance with Cyber Essentials, preventing potential cyber threats such as mobile spyware and malware.
  • Guides users through remediation if they need to address any issues.
  • Real-time information feeds back into the CyberSmart dashboard for a single view of compliance.
  • Allows users to read and agree on policies on their mobile devices.

What’s next?

The launch of Active Protect is just another step, albeit a very exciting one, in the CyberSmart journey towards our mission. Our team is focusing on rolling out many more advancements across our product range. This includes inspiring and educating SMEs on practices and strategies to combat cyber threats and further simplifying cybersecurity and compliance for organisations.

CyberSmart Active Protect is live in the following stores:

The Future of Cyber Essentials

Cyber Essentials has become the fastest-growing information security standard in the world. So there’s no doubt the scheme has been successful. However, the future of Cyber Essentials is uncertain, and this is putting the cybersecurity of UK businesses at risk.

As a member of the first cohort of GCHQ cyber accelerator, the London Office for Rapid Cybersecurity Advancement (LORCA), working closely with NCSC and DCMS, and presenter at CYBERUK, we have had the unparalleled opportunity to draw insights from key stakeholders. After discussions with stakeholders from businesses, industry and government, one thing is clear – there is substantial confusion in the sector. We are in a position to shed light on the challenges and bring clarity to a sector that is shaken and riddled with uncertainty. 

It’s important we consider the feedback of all stakeholders so that we can move forward in a concerted effort to ensure the future security of our nation. All stakeholders share the same vision, but with several conflicting perspectives, there is a lack of agreement on how we get there. As it stands, the scheme and its success so far are at risk. This uncertainty has led to underinvestment from the sector and confusion amongst the very organisations needing to be assured.

If the foundation isn’t put in place for the scheme, much of the progress will be lost or, at worst, reversed. If the right decisions are made, for the right reasons, then the scheme can achieve a level of success beyond anyone’s expectations.

In order to make those decisions, clarity of information and a source of truth is required. Here are the key characteristics that will underline the scheme’s future success.

Scalable

Most information security standards are inherently unscalable – they require physical audits, extensive documentation and manual processes. Cyber Essentials set out to address this with self-attestation at the basic level. This allowed the scheme to scale in its initial phase but it’s still not ready for mass adoption. At the current take-up rate, it will take centuries to secure all the businesses that exist within the UK. A delivery chain is needed for the vast and diverse range of organisations within the country. In particular, current certification bodies and the thousands of managed service providers need to be engaged in order to deliver the assurance scheme to all that need it. 

Affordable

Cyber Essentials at its basic level needs to be at a cost that every organisation can afford. That includes the costs of assessing, implementing, certifying and maintaining the standard on an on-going basis. The vast majority of SMEs do not have the ability to implement and maintain the scheme or have the resources to hire dedicated security professionals to assist. There’s also a huge skills shortage of professionals that are best utilised for ensuring the assurance of critical data and infrastructure.

Accessible

The confusion, fear, uncertainty and doubt within the industry mean security and compliance are often overwhelming for more organisations. The NCSC website, cohesive guidance and clear language have helped organisations understand what is needed to implement a baseline level of security. The issue remains that this doesn’t help them to implement it. Lowering the technical expertise required to implement and maintain Cyber Essentials brings it within reach of many organisations for which it was previously inaccessible.

Consistent

For any scheme to succeed, it must be consistent. Any Cyber Essentials certification should be equal to another. There should be a single standard from an authoritative source, and this should be as objective as possible. The challenge is ensuring consistency across the diverse range of approaches to managing information technology that exists. This includes the micro and small business which don’t have an IT team, those that have third-party managed IT, and larger organisations with dedicated IT professionals.

Data-driven

In order to deliver assurance at this level of scale, we need to use digital systems and data. This brings with it the challenges of managing such data and the requirement for Security by Design and assured technology. However, this also provides real-time insights into the adoption, implementation, maintenance and effectiveness of controls. Data brings us closer to the truth and allows us to ensure the scheme is meeting its aims and adapting to the ever-changing landscape.

Assured

The effectiveness of the current scheme is driven by the focus on ensuring appropriate levels of assurance from a small yet comprehensive control set, with the majority of attacks originating from basic factors not being properly implemented or maintained. The assurance is only provided if continuous compliance is in place. In order to do this, it needs to be easier to maintain than to fall out of compliance.

The future of Cyber Essentials

Fast forward to 2025, after a concerted effort, the UK is now the world leader in cybersecurity. The country is the safest place to live and do business online. This was achieved by making assurance programs accessible, affordable and scalable. It has been brought to a level that everyone can attain with confidence that there is consistency. Data drives the on-going development of the schemes as they respond to the changing environment. Other countries look towards the UK as a model of how an adaptable scheme can defend and assure a nation.


Cyber Essentials: A BIG step in the journey towards GDPR compliance


GDPR compliance became a legal requirement in May 2018 and was put in place to bring transparency and homogenise data privacy laws for citizens in the European Union. The regulation holds organisations responsible for data breaches and imposes heavy fines on them if they are found guilty of poor security measures. The UK Data Privacy Act of 2018 makes GDPR a legal requirement for all businesses.

This higher degree of accountability means organisations need to take action and strengthen their security and protection for personal data. Cyber Essentials is a simple, government-backed scheme that will help businesses, whatever their size, to protect their data against a whole range of the most common cyber attacks.

In this article, we explain how Cyber Essentials can help you on your path towards full GDPR compliance.  

Why would achieving Cyber Essentials help?

Cyber Essentials is a UK government-backed scheme administered through the National Cyber Security Centre (NCSC). The scheme provides five basic controls to help organisations protect themselves against common cyber attacks. The NCSC claims Cyber Essentials can help eliminate the risk of 80% of cyber attacks.

The aim of Cyber Essentials is to provide a baseline standard for businesses to safeguard sensitive data, which aligns to the primary concerns addressed by both the European Union regulations and the UK law. The regulation of GDPR in the UK and the notification of all data breaches is delivered via the Information Commissioner’s Office (ICO). The technical controls of Cyber Essentials help you demonstrate to the ICO that you are on the right path towards GDPR compliance.

It is important to note that Cyber Essentials does not ensure total compliance with GDPR, as GDPR is a comprehensive regulation that requires businesses to safeguard personal data. All organisations that handle personal information of EU citizens must comply with the GDPR. Achieving a Cyber Essentials certification is a big initial step towards GDPR compliance. However, businesses still need to take further action after this. See our blog post on GDPR certification.

How can CyberSmart help?

CyberSmart is an automated compliance service that helps organisations become compliant with standards such as Cyber Essentials and GDPR. We provide ongoing compliance, helping businesses protect themselves against emerging cyber threats.

As a certified provider, CyberSmart guides and assists organisations in achieving various standards of compliance. We recognise flaws in your existing security policies and recommend best practices.

Our well-tested process ensures you meet the security requirements of these standards. We take away the stress of understanding and evaluating the requirements of each standard from you.

Conclusion

Cyber Essentials is a great first step towards GDPR compliance. However, it is just one step of the journey. Organisations need to adopt a cybersecurity solution that can scale and adapt according to their growing needs.

Data protection obligations got you in a muddle? Get on top of them quickly and easily with the CyberSmart Privacy Toolbox.
