If your organisation faces a high Cyber threat level, the UK Government's 10 steps to CyberSecurity provides a good starting point to assess that risk and the system of protection that you have in place.

See: the video explaining the 10 Steps to CyberSecurity.

These 10 Considerations are as follows:

Risk Management

Take a risk-based approach to securing your data and systems.

Engagement & Training

Collaboratively build security that works for people in your organisation.

Asset Management

Know what data and systems you manage, and what business needs they support.

Architecture & Configuration

Design, build, maintain and manage systems securely.

Vulnerability Management

Keep your systems protected throughout their lifecycle.

Identity & Access Management

Control who and what can access your systems and data.

Data Security

Protect data where it is vulnerable.

Logging & Monitoring

Design your systems to be able to detect and investigate incidents.

Incident Management

Plan your response to cyber incidents in advance.

Supply Chain Security

Collaborate with your suppliers and partners.

The NCSC's Cyber Essentials programs help you to guard your organisation against cyber-attacks. They help you guard against the most common threats and demonstrate your commitment to CyberSecurity.

There are two levels of certification:

• Cyber Essentials

The NCSC's self-assessment option gives you protection against a wide variety of the most common cyber attacks. This is important because vulnerability to simple attacks can mark you out as target for more in-depth unwanted attention from cyber criminals and others.

Certification gives you peace of mind that your defences will protect against the vast majority of common cyber attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.

Cyber Essentials shows you how to address those basics and prevent the most common attacks.

The Cyber Essentials readiness toolkit. Your responses to the questions in the toolkit help create a personal action plan to help you move towards meeting the Cyber Essentials requirements.

• Cyber Essentials Plus

Cyber Essentials Plus still has the Cyber Essentials trademark simplicity of approach, and the protections you need to put in place are the same, but for Cyber Essentials Plus a hands-on technical verification is carried out.

Getting Certified?

The NCSC's Cyber Essentials Partner the IASME consortium can help you to get certified. 

Why should you get Cyber Essentials?

• Reassure customers that you are working to secure your IT against cyber attack.
• Attract new business with the promise you have cyber security measures in place.
• You have a clear picture of your organisation's cyber security level.
• Some Government contracts require Cyber Essentials certification.

If you would like to bid for central government contracts which involve handling sensitive and personal information or the provision of certain technical products and services, you will require Cyber Essentials Certification. More information is available on the gov.uk website.

For more information on Cyber Essentials and how you can qualify - see the next section: CyberSmart - CyberSecurity Made Easy.

CyberSmart - Simple, affordable CyberSecurity for SMEs. CyberSmart makes CyberScurity easy. Their automatic compliance platform makes sure your business meets recognised security standards, mitigating 98.5% of attacks all in a few clicks.

Work safely from anywhere. You need to be sure that employees’ devices are up-to-date, correctly configured and password protected. Without this, your data could be at risk. CyberSmart Active Protect checks laptops and mobiles for the key security requirements, reports on any problems, and gives you the tools to fix them – all delivered in simple, jargon-free language.

CyberSmart also helps you reach: CyberEssential, CyberEssentials Plus and GDPR Readiness security levels within 24 hours. (As part of Active Protect, you’ll also receive access to the CyberSmart Academy – simple, bite-sized training to help your staff develop the skills they need.)

To have a no obligation chat about your requirements and how CyberSmart could help, please feel free to: use the chat service on CyberSmart's web page, or contact Sam Greig by email or by phone +44 (0) 203 514 7577 with any questions you may have. (N.B. Quote "TRADETECH" for 10% off any product offering.)

CyberSmart's solutions include 4 key modules:

1. CyberSmart Active Protect: - Say hello to 24/7 protection from cyber threats, with no need for expensive tools, consultants or an in-house team. Active Protect secures all employee devices that touch your company data. Simply send the downloadable link to your staff and Active Protect will check around the clock for the most common cyber threats and vulnerabilities – giving you everything you need to proactively manage risk.
2. Cyber Essentials: - CyberSmart is the UK’s leading provider of Cyber Essentials certification. They'll have you certified in as little as 24 hours. No jargon. No endless back and forth. And all the expert guidance you need to pass first time.
3. Cyber Essentials Plus: - Cyber Essentials Plus also includes an independent assessment carried out by one of CyberSmart's licensed auditors. Customers don’t have to take your word that you’re cyber secure – they can rely on the expertise of a professional.

Pricing

Click here for pricing starting at £6.00 a month

N.B. Don't forget, for 10% off any product offering, just use the promotional code “TRADETECH”. (This offer expires on 31st March, 2023.)

CyberSmart also offers Cyber Insurance. When a UK-domiciled organisation with a turnover under £20m achieves self-assessed certification covering their whole organisation to either the basic level of Cyber Essentials or the IASME Standard, they are entitled to opt in to £25,000 of cyber insurance, terms apply.

Additional Resources:

• Cyber Essentials or Cyber Essentials Plus? Which one is right for your organisation?
• A Guide To Cybersecurity Certifications in the UK.
• GDPR White Paper.
• Ebook: Cyber Safety in the New Era of Remote Work.

CyberSmart also provides an extensive Knowledge Base covering:

• Getting Started.
• User Guides
• Cyber Essentials and IASME
• CyberSecurity Learning Centre
• CyberSmart Academy
• CyberSmart Complete.

CyberSmart's blog covers even more CyberSecurity related: tips, suggestions, explanations and advice.

Free End of Year Email Trial Offer

This offer is not available on Darktrace's website - if you are interested please contact Christian Portz directly.

Benefits include:

1. Special EOY discounts for any trial installed in December.
2. Free access to Darktrace’s internal SOC over Xmas period (busiest time of year for cyber-attacks).
3. Extended learning period (14 days vs typical 7 = more free Darktrace).
4. Complete access to all-new version 6 = brand new UI’s and functionality.

A few key points re: the email trial:

• Super-lightweight install (5-10 mins max).
• No commercial obligations / strings attached.
• Doesn’t affect the live environment at all (no live actions during trial).
• Unique behavioural AI approach surfaces any malicious emails missed by MS filters/mail gateways.
• Nice overview of key email health metrics including malicious email / DLP / most targeted users etc.
• Integrates seamlessly with M365 SaaS – reveals any suspicious activity over TEAMS / Sharepoint / OneDrive (account hijack, unusual admin activity/resource creation & amendment, etc – more info below).

Some of the things (amongst others!) that Darktrace identifies:

For email:

• Spoofing.
• Phishing.
• Solicitation attempts.
• Supply chain attacks.

For SaaS

• Account compromise.
• Unusual logins (location and time).
• Sensitive file access/amendments.

See below, Antigena Email_ Product Brief.pdf, and Antigena Email_ Product Brief.pdf for further information about Darktrace's services.

Artificial Intelligence - Advanced Protection by Darktrace. As mentioned in the Introduction, larger more complex organisations will require more sophisticated security solutions. This then raises the question "what does my organisation need?" This not only requires an analysis of your current infrastructure and its current requirement - but also an assessment of what future threats will you face?

If your organisation’s IT security team struggles from lack of manpower and visibility, and could benefit from state of the art AI protection from the likes of zero-day ransomware, insider threat, data exfiltration, phishing emails, social engineering and beyond, Darktrace may well be the answer to your security needs.

The Approach

Darktrace uses Self-Learning Artificial Intelligence (AI) to build an understanding of your unique business. This enables the AI to autonomously detect, investigate, and respond to novel and sophisticated threats across your digital ecosystem - without the need for human input or fine-tuning.

Darktrace learns about your organisation by observing how users, devices, and applications typically behave, forming patterns and continuously revising its understanding in light of new evidence. This enables Darktrace to understand your organisation's "normal" - and therefore able to detect subtle signals of malicious activity as it appears.

Are you:

• Worried about Ransomware?

Darktrace stops ransomware in seconds.

Because Darktrace learns your business, not the breach, it knows how to contain only the malicious activity, avoiding the unintended disruption of normal business operations.

Ransomware is the number one threat vector that Darktrace AI responds to with its Automated Response capability. In addition, Darktrace for Email provides the first line of defence for ransomware by identifying spear phishing attacks before they reach you.

See: Fight Ransomware with AI

• An organisation with <250 employees?

Darktrace Immune System For SME’s Empowers Small Security Teams, allowing even the smallest security team to protect their dynamic workforce from the most sophisticated threats.

See: Darktrace for Small & Midsize Businesses

• Keen to enhance your current Microsoft security protocols?

Darktrace and Microsoft have partnered to help organizations enhance their cyber security across multi-cloud and multi-platform environments. Darktrace complements Microsoft's security with self-learning AI that detects and autonomously responds to novel cyber-threats that evade other defences.

See: Darktrace & Microsoft: Securing the Future of Work Together.

• Concerned about phishing attacks and email security?

Darktrace’s Antigena Email has been voted #1 on Gartner for both integration and overall capability for >1 year.

94% of cyber-threats originate via email, and legacy defenses at the border continue to fall short. Yet whenever Antigena Email and legacy defenses are deployed in the same environment, Antigena consistently neutralizes external threats and data loss that evade email defenses at the border.

See: Why Antigena Email_.pdf

• Open to testing the Darktrace AI for free in your own environment?

Darktrace offers a free 30-day trial process, where the AI can be deployed over email / network / endpoint / cloud / SaaS – or the whole lot, depending on where you’d like increased visibility and protection.

As an added benefit, during the trial you’d have access to Darktrace’s own in-house SOC (120 analysts between Singapore, San Francisco and Cambridge) – a huge asset in terms of protection for your organisation, and an excellent opportunity to observe the value-add; whilst bolstering your own environment’s security.

See: Antigena Email and Protecting the Dynamic Workforce for more information about running your free trial.

See: Darktrace's YouTube Channel for a host of short videos covering all aspects of CyberSecurity.

The first rule with regard to potential legal exposure is: do not create legal problems for yourself e.g.:

• Ensure that you have the appropriate notices on your website regarding: cookies, privacy, terms and conditions etc.
• Comply with the law with regard to data protection e.g. The General Data Protection Regulation, Data Protection Act 2018 (" GDPR") and the Privacy and Electronic Communications Regulations 2003 ("PECR") - and if appropriate register with the Information Commissioner's Office.
• Safeguard your Intellectual Property ("IP").

LawBite can work with you to ensure that you comply with the law with regard to:

• Relevant Legal Templates.
• Data Protection Requirements.
• IP protection.