Although cyber-crime is increasing significantly, there is no real understanding of how much, unless you are an IT technician or a victim. These same IT technicians and victims also understand the damage that is caused by a cyber breach. If you find your IT team are putting pressure on you to be more cyber aware and invest in cybersecurity, thank them for being proactive!
Carden IT Services are here to let you know of the potential dangers. It’s up to you to choose the level of protection for your business and our packages have been built to deliver just this. We present, you choose, we deliver.
“Organised crime is shifting, are all your digital assets protected?”
“The risks are high; the threat is increasing”
Lets be clear, no successful cyberattack is minimal damage. Usually a successful attack will lead in loss of business, a large financial loss, stress and embarrassment. Note the “and” and not “or”, all of these apply in the same event, not just one of them.
“Cybersecurity is now more than just a product”.
Cyber Resilience – Identify -> Protect -> Detect -> Respond -> Recover.
Cyber Resilience is a measure of a businesses strength in preparing for, operating through, and recovering from the eventuality of a cyber-attack.
Cyber Resilience relies on the successful ability to identify, protect, detect, respond and recover quickly from an adverse cyber event and combines cybersecurity, business continuity and incident response.
How do we do it?
Our cyber-security packages are only available to our business IT support clients. The reason for this, is we have to be the end to end solution for those who take cybersecurity seriously. This starts with providing the right products as part of our IT support packages, which then enable us to deliver on cybersecurity monitoring and protection.
Phase One – Cyber Essentials
All packages start with a Cyber Essentials certification which is a UK government scheme found here. This can be a Cyber Essentials or a Cyber Essentials Plus. Read our Cyber Essentials Certification blog.
TLDR – to qualify for Cyber Essentials certification, you must ensure compliance in these five areas:
- Secure internet connection.
- Secure devices and software.
- Controlled access to your data and services.
- Protection from viruses and other malware.
- Your devices and software are up to date.
Price wise, a £350 cost from the certification board, plus time for your IT team to complete the assessment, which involves a questionnaire and an assessor qualifying the questonnaire. A Cyber Essentials Plus however involves the certification board physically testing the security of your IT, so the cost depends on the size of your IT network. This provides 2 problems:
- An initial outlay in month 1.
- Changes in the business could see you fall out of scope after, but you are still technically certified. We believe all businesses should remain at certified level after exam day.
Our packages takes your Cyber Essentials or Cyber Essentials Plus certification cost,and rather than pay it in 1 month, we wrap it into a service. This service involves spreading what would be an upfront cost to your business for becoming certified, and spreading it over 12 months.
On top of this, your business is assigned to our dedicated cyber security team, who Identify -> Protect -> Detect -> Respond, every day, monitoring all of your physically devices, your cloud solutions, your credentials on the dark web, trains your team on cybersecurity but most importantly completely locks your IT system down to prevent any unwanted visitors.
Phase Two – Identify and Protect
Effectively, our team is dedicated to analysing and implementing:
- What services do you use? For example Exchange Online, SharePoint, Teams.
- When do you use them? For example time of day, weekends, 24/7.
- What devices do you use them from? For example desktops, laptops, mobiles and tablets.
- Where do you use them? For example IP addresses, geo-location.
We spend a considerable amount of time designing, managing and most importantly maintaining your lock down plan, designing an internal compliance dedicated to your company.
Quite simply, if access is not required from a device type, location and/or IP address, it is restricted. This is not limited to your entire company being on the same settings, and rather than “who needs most access” our though process is “who needs the least?” and restricting each service as much as possible.
Any future IT changes are risk assessed, documented and protected, ensuring you are cyber complaint 24/7/365, not just on exam day.
We also utilise every single software asset you have. Antivirus is monitored and managed, web filtering is locked down as much as required, devices are encrypted and Mobile Device Management added where licenses allow. For more information on MDM, please see our post on Microsoft Intune.
Phase Three – Detect
A Managed Service Operations Centre is installed and used to monitor and alert on all of your endpoints identified in phase two. A SOC monitor is added onto every available endpoint, be it a device, cloud asset, password or service. Any alert raises a ticket with us, which is assigned to our engineers. Our SOC runs externally to our clients networks, and all monitoring is secured down to IP address.
This also occurs for your other IT software assets. We utilise your antivirus, ransomware protection and web filtering, raising alerts to our team for any breaches.
Finally, we also add any vendor alerting available to us, for example the Microsoft 365 Security and Compliance Center.
Phase Four – Respond
Anything suspicious is alerted immediately to our cyber team, who address the concern, adding any additional protection required to prevent future events. An example of such event could be a password leak onto the dark web from a compromised website, where our cyber team would immediately contact the user and force a password change.
How much will this service cost?
Our cyber package price varies, depending on:
- Cyber Essentials or Cyber Essentials Plus.
- Number of devices used in the business.
- Number of users in the business.
- Complexity of geo-locations required by the business.
All packages are a minimum of 1 year, as your Cyber Essentials cost is spread across that term, added to it the other services provided above. Following year 1, renewals are discounted based on the renewal of Cyber Essentials\Cyber Essentials Plus, which is cheaper to process from an IT perspective.
If you would like to hear more about this service, please contact us today.