How do you know if your data is secure?

Unless your business has somehow escaped the digital revolution during the last 10 years, and I don’t know any organisations that have, then ‘Data Protection’, whilst far from exciting to many, is probably now one of your most critical issues.

It’s frightening how many business people in small and medium sized organisations believe their IT security is up to scratch, simply because they employ an IT support company and assume it is doing what needs to be done. My experience has shown this is rarely the case. Often it’s only when the security is scrutinised by a potential customer, an insurer, or a hacker that issues are discovered.

Cyber threats are constantly evolving, so to keep pace, IT security can’t be a one-off endeavour. It must be regularly checked. Often IT companies focus on day-to-day support and don’t proactively manage security. The bottom line is that, in the eyes of the law, your data is your responsibility, so you need to partner with an IT provider who is proactive. GDPR states that business leaders are legally responsible for ensuring their company’s data is adequately protected. Furthermore, those working with sensitive information are required to comply with even more rigorous data protection regulations. The risks and consequences of cyber crime are now so severe that any sensible business needs to make sure its data is properly protected.

Unfortunately, organisations only discover that they aren’t secure when they experience a data breach or a cyber-attack, and by then, of course, it’s too late. In some cases, companies are not aware of a data breach until long after the event, and the data is made public weeks, months or even years later. This is a problem under GDPR, which requires that data breaches are notified to the ICO within 72 hours.

So how can a non-IT business ensure their data is protected?

It’s quite simple: get it certified by an independent body.
  • Certification carries weight with your customers and insurers.
  • It demonstrates that your organisation takes its data protection seriously.
  • It puts your IT support company’s work to the test.
  • It provides the tangible evidence of your business’s data protection that GDPR requires.
  • It demonstrates that you’ve assessed your IT security vulnerabilities and, where necessary, done something about them.
The good news:
There is a relatively simple and low-cost Government-backed standard called ‘Cyber Essentials’ that’s ideal for achieving this. It comes in two forms:
  • Cyber Essentials, a basic self-certified form, or
  • Cyber Essentials Plus, which requires an independent audit.
The great thing about Cyber Essentials is that it offers every business a practical and recognised framework for managing data protection.  Even if your business decides not to go the certification route, Cyber Essentials provides a valuable set of controls that you can use to improve your data security.
A great approach is to get an audit and use Cyber Essentials as the basis for performing a business IT security risk assessment. You can identify where you are weak and incorporate improvements into your IT strategy and budgets to ensure you are working towards compliance in the future.
This is a smart investment because it will protect and future-proof your business. It is likely Cyber Essentials will become mandatory for all small and medium businesses in the future: it’s already mandatory if you are a supplier to the public sector, and it’s starting to be required for cyber insurance.
Don’t be misled into thinking that Cyber Essentials is too basic.  I hear this objection and I think it’s a myth that’s been propagated by IT people who believe that a single ‘all singing all dancing’ piece of technology they sell is a panacea.  I’ve known businesses spend large sums of money on expensive security solutions but miss important fundamentals like ensuring default passwords are changed on network devices.
The important thing to understand is that Cyber Essentials has been developed to mitigate known vulnerabilities and implementing it will protect you against over 80% of Cybercrime which is massive!  Most businesses get hacked by unskilled opportunists that exploit poorly configured networks rather than hackers that cleverly crack your firewall.
If Cyber Essentials really is too basic and you already have all the controls in place, then you should probably be looking at working toward ISO 27001 certification for information security, an altogether much bigger undertaking that spans all of your business’s information, not just digital data. Cyber Essentials is a great precursor to ISO 27001 though, so if you are not sure, Cyber Essentials is the place to start.
If this article has resonated with you and you would like to find out more or discuss your IT security strategy, then please do not hesitate to contact me on 0118 920 9600 or email jstratton@connexion.co.uk, and I will be happy to arrange a no-obligation conference call to discuss ways that Connexion can help.
Established in 1994, Connexion Ltd provides fantastic IT support for regulated companies.

Rob Leverton

Rob has worked as an IT technician and project manager with Connexion for 14 years before moving into his current role as head of the technical services team.

Although Rob comes from a technical background he’s very much a people person and he is exceptionally good at building excellent working relationships with our customers and his technical team to deliver service excellence to our clients.

James Stratton

James is passionate about technology and how it can transform business. Having worked with hundreds of businesses in many different sectors over the last 25 years, he has a huge amount of business IT knowledge that he enjoys imparting to Connexion’s customers.

James is responsible for Connexion’s strategic development and also still enjoys a role in consulting, sales and marketing.