Skip to main content
18 Jul 2022

Policy Monitor - Cybersecurity is complex, but it doesn’t need to be costly or complicated

Policy Monitor - Cybersecurity is complex, but it doesn’t need to be costly or complicated

Cybersecurity is complex - but it doesn’t need to be costly or complicated

Knowing where to start with cybersecurity can be overwhelming, Nick Denning at Policy Monitor explains how SMEs can take some simple steps to protect themselves against common threats without breaking the bank.

Many SMEs underestimate the threat of cyberattacks - believing they are too small to be a target. Attacks on big brands make the headlines and the jargon used to describe vulnerabilities and malware is complex making it appear to be a big enterprise issue.

The reality is that cybercriminals are organised and operate like a business. They can even have interactive customer support services to make it easier for victims to pay their ransom demands. Cybercrime operators know that going after large companies is risky and carries greater repercussions from law enforcement. All they want are quick and easy paydays and SMEs represent a fertile training ground for new operators to build up experience, tools and reputation.

Cybersecurity is necessary but it doesn’t need to be complex

Cybersecurity is not a luxury, it’s a business necessity and it’s also a business enabler. If your company is secure, you can get on with the day job knowing you have done all you can to safeguard your business.

However, starting on the path to securing your organisation can be hugely daunting. There are so many solutions on the market, with different features, benefits and price points that it can be difficult to know where to begin.

The National Cyber Security Centre, the technical authority in the UK, has created Cyber Essentials (CE), a simple but effective scheme to protect companies against a whole range of the most common cyberattacks.

Cyber Security Policy Manager (CSPM) helps you implement CE, delivering a clear path for SMEs to create a security strategy in easy-to-manage steps. The five fundamental CE controls are embedded within CSPM, providing you with a simple step-by-step process for developing security policies and procedures. Companies are given prompts and guidance at every stage, in jargon-free language. CSPM has been designed so that companies can guard against cyberattacks, without needing expensive security consultants. CSPM also provides educational videos so employees are made aware of how to defend themselves and the organisation from cyberattacks.

Companies can work their way to certification by evidencing they have implemented the five fundamental CE controls. These controls can mitigate 80% of common cyber risks such as hacking, phishing, malware infections and social engineering attacks. The benefit of certification is it sends a clear message that cybersecurity is something your business takes seriously. Certification can reassure customers and suppliers that you are working to secure your IT systems and safeguard their data against cyberattacks.

You don’t have to go it alone

There is no secret to mitigating a cyberattack, it’s the same process as protecting a house. Make yourself a harder target by blocking the obvious entry points and unless the attacker is very determined, they will move on to a softer target. If you don’t know where to start Policy Monitor can help. We are attending International Cyber Expo at Olympia on the 27th-28th September 2022 on Stand B40 in the IASME Pavilion; feel free to call in for a chat.

To read more on this, visit: 

Nick Denning is CEO at Policy Monitor, an exhibitor at International Cyber Expo 2022.