Antivirus and anti-malware are the basic building blocks for any small and medium enterprise’s (SME) cybersecurity strategy. They’re the most well-known cybersecurity tools, and it’s rare to find a business that doesn’t use one.

But do you know what they protect you from, the difference between an antivirus and an anti-malware, and whether you need both? Let’s explore these key talking points.

Malware vs viruses

Before discussing the merits of the two types of software, we must tackle the difference between viruses and malware. Most people assume that the two things are synonymous. Isn’t ‘virus’ just a slightly dated way to say ‘malware’?

That’s almost correct. However, this is the world of cybersecurity, so things are always a little more complicated than they first appear.

The term ‘virus’ describes malicious code that can reproduce repeatedly – just like a biological virus. The code damages your device by corrupting your system or destroying data. Viruses are also usually considered legacy threats that have existed for a long time, and today’s cybercriminals rarely use them.

On the other hand, malware is an umbrella term that refers to many different threats. These range from ransomware to spyware and even some newer viruses (confusing, we know). The key difference is its novelty. 

The threats under the term malware are new, constantly evolving, and very much in use among modern cybercriminals. So, antivirus software providers have upped their game to protect customers.

Considering cybersecurity certification but not sure where to start? Check out our guide to certifications in the UK.

Antivirus vs anti-malware: the key differences explained

As you might expect, antivirus usually deals with older, more established cyber threats. To illustrate, think of warnings from the noughties – endless error pop-ups, trojan horses, and worm viruses. These attacks typically enter your business through tried and tested routes such as email attachments, corrupted USBs, and other standard cyber threat delivery methods.

These cyber nasties are generally very predictable and easy to counter. However, they can still do plenty of damage if left unchecked. 

Anti-malware

Anti-malware software focuses on defending against the latest threats. A good anti-malware protects your business against ransomware, spyware, sophisticated phishing attacks, and zero-day attacks. Anti-malware usually updates its rules faster than an antivirus, making it the best protection against any new threats you might encounter. 

Antivirus vs. anti-malware: which should you choose?

At this point, you might be wondering why you need an antivirus if anti-malware can protect your devices against the most common types of cybercrime. 

Although this is a valid question, it’s a risky way to approach cybersecurity. Sure, most of the threats covered by antivirus might be dated and rarely used by the bad guys. However, that doesn’t mean they no longer exist or that they can’t still give you a significant cybersecurity headache.

Doing without antivirus is a bit like a state deciding to focus exclusively on protection from nuclear threats while neglecting the potential for invasion by land. It’s a flawed approach that leaves your business open to attack.Instead, it’s better to take a layered approach to your cybersecurity – by which we mean installing antivirus and anti-malware software to protect your business against new and old threats. 

Choosing cybersecurity solutions isn’t an either/or dilemma

Antivirus and anti-malware aren’t mutually exclusive. A truly effective cybersecurity strategy includes tools, training, and measures to counter any threat. Something as simple as a Cyber Essentials certification ensures your business complies with the basic requirements to deter cyber threats. This is because the steps to get qualified include:

• Data encryption
• Firewalls
• User access management
• Software and operating system updates

You get support and clear step-by-step instructions for mitigating malware in your business so you don’t overlook any vulnerabilities. Learn how easy it is to get certified today.

At CyberSmart, we recognise that the cost of living crisis not only affects our personal lives, but the way small and medium businesses (SMEs) manage their priorities, too. 

Uncertainty is never the best feeling for any business leader. A dampened economic outlook can result in SMEs becoming more cost-conscious and less growth-minded. And we’re concerned about the impact on cybersecurity. 

That’s why our latest insight, the SME cost of living crisis report, explores its impact on SMEs, leadership, the workforce, and business cybersecurity.

What’s in the report?

We tasked Censuswide with surveying 1,000 UK SMEs to reveal the current state of the cybersecurity landscape for SMEs. 

The report is full of helpful statistics, figures, and insights that reveal the behaviours of decision-makers during the cost of living crisis.

In the report, you’ll learn about:

• What’s driving decision-making in the cost of living crisis?
• The impact on cybersecurity investments 
• Leadership behaviours and mistrust of employees
• Cybersecurity policy and governance factors
• How should SMEs approach cybersecurity in the cost of living crisis?

Discover CyberSmart’s SME cost of living crisis report. Learn more about the impact on cybersecurity, people, and more. Read it today.

Discover key insights about the cybersecurity landscape

At CyberSmart, we work to make cybersecurity simple and accessible to everyone. We aim to provide every business, no matter how small, the tools to protect themselves against cybersecurity threats easily and effectively.

That’s why we’ve incorporated our expert insight into the report, too. We deep-dive into the reasoning behind the report’s findings to support the facts and figures. This provides you with a better understanding of the current SME cybersecurity landscape. 

For example, the report reveals that nearly half of UK SMEs (47%) believe they’re at greater risk of a cyberattack since the onset of the cost-of-living crisis. Why? External threats, insider threats, employee mistrust, and employee negligence are all driving this behaviour, and we explore this in the report. Read it for free today to get the latest insights into SME cybersecurity during the cost of living crisis. 

Cyber Essentials Plus Audit

Here at CyberSmart, we understand that organisations would like a bit more information on how the Cyber Essentials Plus process works. So, to demystify the process, we’ve put together this guide. 

The Cyber Essentials Plus audit aims to secure your business from known vulnerabilities, safeguarding your customers’ data. This not only helps ensure your business is working safely, but also builds trust with your customers and can help you win new business.

The first step in completing the Cyber Essentials Plus audit is to let our team know that you are ready to be sent the information for this assessment.

How To Schedule a Cyber Essentials Plus Audit  

Once you have confirmed, you’re ready to begin your Cyber Essentials Plus journey. We’ll send you the Qualys agent to deploy to your devices. This agent will scan your machines for known vulnerabilities and compare them against the National Vulnerability Database. Any vulnerabilities found with a CVSSv3 score of 7 and higher (Critical/High) will need to be resolved. 

Unsure which certification is best for you? Check out our guide to cybersecurity certifications in the UK.

The Assessment Process

On the day of the assessment, the following will take place:

• Internal vulnerability credentialed patch audit scan of all sample devices in scope using Qualys.  (unless you have your own PCI DSS approved scanner)
• External vulnerability scan of externally facing IPs/services
• Observing how devices process emails with test attachments – access to user device required via screen sharing. The email address of the user of the in-scope device will be required not a generic generated one for the assessment
• Observing how devices handle downloads of file attachments from our test websites – access to user devices is required via screen sharing.
• Checking the installation and configuration of anti-virus software.
• iOS / mobile checks (If in scope)
• Perform Multi-Factor Authentication (MFA) test on all listed Cloud Services provided in Cyber Essentials self-assessment to ensure MFA is enabled on Admin and User accounts
• Confirm Account separation between Admin and User accounts

Consent Form and Certificate

During the assessment, our assessors will carry out the Cyber Essentials Plus audit which includes a scan of your external IP addresses. Please note, that the scan can only be completed if you have signed our consent form. This will be emailed to you during the process.

It’s vital the consent form is returned to us before the day of the audit in order to ensure that it can be completed without delay. 

Once the audit has been successfully completed, our assessors will upload the results to IASME and issue your certificate.

Additional Resources

Your organisation is completely in charge of how quickly or slowly you want to take this process and our CX team is on hand to help at every stage. 

For more information on the Qualys agent please see our guide to deploying the Qualys agent.

Qualys Installation guide

If you have any questions on the Cyber Essentials Plus process please reach out to your account manager, or directly to our CX team through our Live Chat feature.

Another week, another good news story at CyberSmart. We’ve joined Kickstart’s new accelerator. Here’s what it all means.

What is Kickstart? 

Kickstart is one of Europe’s largest innovation platforms. It helps start-ups in a variety of sectors from FinTech to food and retail to innovate and scale sustainably. 

Since its founding in 2015, Kickstart has helped create over 220 commercial partnerships and supported 323 start-ups. 

What does the accelerator involve? 

Companies selected for the accelerator take part in a ten-week programme. It’s designed to breed commercial partnerships and encourage collaboration between start-ups and Kickstart’s partners. Its partners include AXA, Co-op, Swisscom, La Mobilière, PostFinance, Sanitas, The City of Zurich, Canton de Vaud, Credit Suisse, Galenica, CSS Insurance and others.

What does this mean for CyberSmart?

We’re delighted to be picked for the accelerator’s InsurTech cohort. Not only did we beat some strong competition, with applications coming from 58 countries, but we’re also set to work alongside some of the biggest names in the FinTech and InsurTech industries. 

This represents a massive opportunity for us. We’ll learn from and collaborate with some of the best. And, it’ll help us generate new ideas, refine our current products, and reach more small businesses than ever before.

All in all, it’s another step in our journey to protect every small business from cyber threats. Stay tuned for what comes next.

Protecting your business on a budget is tricky. Calling in the experts or investing in the latest tools is expensive. So what can you do? CyberSmart Active Protect secures your business around the clock with no need for costly consultants, tools or an in-house team. Try it today.

We love an awards ceremony at CyberSmart. It’s a chance to wear long-neglected formal wear, snaffle a free dinner, and meet up with the people that make cybersecurity such a great industry to work in.

However, what we love even more than the glitz and glamour is winning. So imagine our delight when we were nominated for the 2022 SC Awards Europe and CompTIA Spotlight Awards and took home a gong at each. 

What were the awards?

The SC Awards Europe, run by SC Media UK, is one of the most prestigious events in the cybersecurity industry’s calendar. It aims to recognise and reward products and services that continue to stand out from the crowd, exceeding customer expectations to help defeat imminent threats and cybersecurity attacks.

The nominees and winners of these awards usually, read like a who’s who of the cybersecurity sector. So we were very happy to be nominated, particularly as we narrowly missed out on an award last year.

The Computing Technology Industry Association (CompTIA) is a global leader in the training and upskilling of IT professionals. And, it’s one of the leading voices in our sector. Perhaps unsurprisingly, this makes the organisation’s annual awards ceremony a must-attend within the cybersecurity industry. 

What did we win? 

We won both the CompTIA UK Innovative Vendor Spotlight Award and SC Awards Europe’s Best SME Security Solution award.

We’re incredibly proud to win two such prestigious awards, especially amongst such impressive competition. We’d also like to say congratulations to all the other nominees and winners.

What comes next? 

Although we’re always thrilled to win awards, our work is far from done. We won’t stop until every small business has the knowledge and protection to keep themselves safe from cyberattacks.

As we write this, SMEs are being targeted like never before and there are still too many without adequate protection. And these awards, while proving we’re on the right track, only spur us on to help more small businesses.

To find out more about what drives us, read our latest guide, The State of UK SME Cybersecurity. It’s full of useful insights on the risks small businesses face and what can be done to counter them. Get your copy here.

Awards season is in full flow and it’s already been a successful one for CyberSmart, as we scooped two awards at Computing’s Security Excellence Awards 2021.

What are the Security Excellence Awards? 

Computing’s Security Excellence Awards celebrate the achievements of the tech industry’s leading security companies, products and personalities. Or, as they put it, ‘the ones who keep the rest of the industry operating’.

This year has been a particularly tough year for anyone working in cybersecurity. Remote and hybrid working have become commonplace, nation-state and ransomware attacks are on the rise, and a society that previously gave little thought to cybersecurity has suddenly been forced to start thinking about it in a big way.

These awards are a well overdue celebration of the best of a turbulent year. 

What did CyberSmart win?

We’re delighted to have won two awards, one for CyberSmart as a business, and the other for our SME-focused product, CyberSmart Active Protect. Here’s a little explanation of each award: 

Security Vendor of the Year – SMEs

“SMEs are often forced to make do with ageing infrastructure and legacy systems, and may be unable to defend themselves against new threats. This prize will go to the company that can best aid SMEs in their constant battle to avoid becoming the ‘low-hanging fruit’ of cybersecurity.”

SME Security Solution Award

“SMEs are prime targets to malicious agents, with small teams and often similar budgets. The cost of large and expensive security offerings can make SMEs feel priced out of the market, so in this category, we’re looking at affordable services that still offer the range and scope of security coverage any larger organisation typically enjoys.”

What does this mean for CyberSmart? 

First of all, we’re thrilled to have won these two awards, particularly as both focus on SMEs. Since our founding, we’ve made it our mission to make cybersecurity simpler and more affordable for SMEs. So, to be recognised at an awards ceremony for doing exactly that is proof we’re on the right track.

However, our work is far from done. SMEs are being targeted like never before and there are still too many without adequate protection. While welcome, these awards only add fuel to our fire for 2022 and beyond.

Protecting your business on a budget is tricky. Calling in the experts or investing in the latest tools is expensive. So what can you do? CyberSmart Active Protect secures your business around the clock with no need for costly consultants, tools or an in-house team. Try it today.

Cyber Essentials certification has numerous benefits. You probably know all about the headline ones, such as protection from 98.5% of cyber threats and peace of mind that your staff are working safely. 

However, there’s another advantage to certification that’s discussed less frequently. Cyber Essentials certification can also help your company win new business. How? We’ve enlisted a few of our clients to explain in their own words. 

Government tenders 

Cyber Essentials (or Cyber Essentials Plus) certification is a mandatory requirement for funding in some parts of the NHS and education system (ESFA funding, for example). 

But Cyber Essentials also has another role to play. Certification is fast becoming a requirement to bid for many UK government tenders. And, getting certified can not only unlock new opportunities for your business but also make the whole process easier, as Kim-Lisa Gad, Governance, Risk and Compliance Manager at Vula Mobile, explains: 

“Certification has made the process of submitting tenders and business documentation much easier. The certification itself answers many of the questions we’re asked in potential business agreements.”

Building trust 

In an online economy teeming with potential risks, trust is often a prerequisite for doing business. After all, how can you know whether a new partner or supplier is following the cybersecurity best practices they claim to be?

You need proof. And this is where Cyber Essentials comes in. Cyber Essentials is a simple, cost-effective way to demonstrate your security credentials to potential customers and partners:

“Our customers, partners and prospects have really appreciated the additional assurance that certification provides. What’s more, their trust in how we manage our business and the services we provide has also increased. 

We find once we’ve submitted our Cyber Essentials Plus certificate to other businesses, they’re generally satisfied and don’t require any further proof of our commitment to security. The certificate provides all the proof they need.”  – Kim-Lisa Gad, Governance, Risk and Compliance Manager at Vula Mobile

“FNA works with some of the most important financial institutions in the world and handles highly sensitive data. As such, it is critical to them that they take every precaution to meet a high standard of cybersecurity.

Sometimes, you actually need to see that you can trust someone to trust them. With the help of CyberSmart’s app, FNA’s leadership team were provided with an efficient means of verifying that all their employees have met the basic security checks. Rather than having to manually assess every individual device, the CyberSmart software helps FNA run automatic audits in the background and sends alerts when individuals drop below certain standards. In a way, removing any ambiguity surrounding what employees may or may not have done and offering peace of mind.” – Kimmo Soramaki, Founder and CEO of Financial Network Analytics

New business 

Lastly, Cyber Essentials certification can mark you out as a trustworthy business that takes security and data protection seriously. In a world where proof of cybersecurity credentials is increasingly important, this makes you an attractive proposition to prospective customers and partners. 

Ben Pook, Director of Play Verto, explains how getting certified has helped his business: 

“The impact of not having the right security measures in place is massive. Our customers and partners rely on us to keep their data secure. CyberSmart offers an additional service that is critical in giving both ourselves, as well as our customers, peace of mind.

When we take on a new client, they want to understand how we collect data, how we store it, where it is stored, which servers we are using etc. With CyberSmart, all of that information is in one place and easily accessible. What’s more, the certificates themselves are a demonstration that we take security seriously in the eyes of our customers.”

So there you have it. Not only can Cyber Essentials dramatically improve your business’s cybersecurity, but it’s also a great way to gain an edge over competitors and open up new avenues of opportunity. And, at CyberSmart, we can get you certified in as little as 24 hours. Click here to find out more.

Awards season is just around the corner. So we’re delighted to kick proceedings off with a bang, bagging three nominations at the 2021 Network Computing Awards. 

What is the Network Computing Awards? 

Network Computing Magazine is one of the UK’s most prominent online tech publications. It began life in the 1990s as a monthly print publication covering the tech world, before moving to online-only in the late noughties.

As part of its focus on IT and tech, Network Computing also hosts an annual awards ceremony celebrating the best the industry has to offer. Past winners read like a veritable who’s who of tech royalty, including everyone from SolarWinds to Dell and Cisco.

What awards is CyberSmart up for? 

We’re honoured to have been nominated for three awards:

Remote Working Product of the Year (Cybersmart Active Protect)

The One to Watch Company (CyberSmart)

The Innovation Award (Cybersmart Active Protect)

We’re particularly proud to see CyberSmart Active Protect up for two awards. We’ve spent most of the year so far refining our approach to cybersecurity for SMEs. And these nominations are a great early sign that we’re on the right track.

But we’re just getting started. The rest of 2021 will see more exciting developments and the launch of several new products.

In the meantime, we’d like to wish all the other nominees the best of luck. We’ll certainly be crossing everything in the run-up to the ceremony on the 21st of October! 

Are you a small business looking to improve cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene. 

You’ve likely heard the term ‘cybersecurity policy’ before. But what is it? And why does your company need one? 

What do we mean by ‘policy’? 

A ‘policy’, in cybersecurity terms, is a set of principles that guide decisions within an organisation. These principles can inform the decisions senior management make or guide employees in their day-to-day activities. A great example of the latter is a password policy.

What is the purpose of a policy?

A well-crafted policy can help your organisation achieve its goals, say reducing the risk of phishing attacks or compliance with Cyber Essentials. Any policy worth its salt should outline what employees should or shouldn’t do, offer directions on best practices, and guidance for decision making. 

Why are policies so important? 

According to research,  90% of security breaches occur through human error. However, improving your cybersecurity isn’t about blaming employees for their all-too-human mistakes. It’s about giving your people the tools and knowledge to better protect themselves.

According to research,  90% of security breaches occur through human error

This is where policies come in. Policies and procedures provide a roadmap for day-to-day operations. They ensure compliance with laws and regulations, offer guidance,  and even help employees make better decisions. After all, if your people don’t know which behaviours are harmful, they can’t correct them.

But clear, readily available policies have benefits beyond merely reducing the likelihood of a successful security breach. Here are just a few.

Improved efficiency 

Sometimes clear policies are all that stand between a business and organised chaos. Sure, everyone’s working, but are they all pulling in the same direction? Or adhering to company values?

When everyone is following policies and procedures, a business will generally run smoothly. Management structures and teams operate as they’re meant to while mistakes and hiccups in processes can be quickly identified and addressed. 

What’s more, when everyone understands what’s expected of them and goals are clearly defined, time and resources are managed more efficiently. And this will ultimately help you meet targets and grow. 

Better customer service 

There’s nothing more frustrating than receiving wildly different service from two separate interactions with the same organisation. It could be your utility provider, GP surgery or bank, but we’ve all experienced the irritation it causes. 

Having clear, easy-to-follow policies in place is a sure-fire way to stop your business from providing erratic customer service. When policies are followed, tasks are performed correctly and every customer receives the same high level of service – enhancing your business’s reputation to boot. 

A safer workplace 

Workplace accidents and incidents are far less likely to happen if everyone’s working to the same standards and principles. This not only reduces liability risk for your business but also cuts downtime and disruption. And, even if the worst does happen, you’ll weather it much better with a clear procedure on how to deal with it. 

How can CyberSmart help? 

We’ve discussed why policies are important but now comes the tricky bit. How do you ensure that everyone in your business has access to the policies they need to work safely? And, more important still, how do you make sure they read them?

CyberSmart Policy Manager allows you to digitally upload and share policies straight to staff’s devices through our platform, CyberSmart Active Protect. Policies can easily be uploaded through the CyberSmart Dashboard and made available to your users instantly. 

What’s more, you can be sure your employees read them. Our Dashboard provides you with a digital audit trail of when policies have been read and agreed upon. 

But what if you’re unsure of where to start when creating a new policy? Well, we’ve got you covered there too. We’ve put together a handy set of templates to help you get started. These are free to download from your CyberSmart Dashboard and easily modified to suit your business. Our policy templates include: 

•  Data Classification policy 
•  Cyber Essentials policy 
•  Data Protection policy 
•  IT Access policy 
•  Security Awareness and Training Guidelines policy 
•  Work From Home Covid-19 policy

We also offer a GDPR policy pack as part of our IASME and GDPR certification.

And that’s all there is to know about policies. They’re a simple tool, but one that provides an important first line of defence for your business against cyber threats. Hopefully, this blog has armed you with all the knowledge you need, but if you have any questions please get in touch, our team are always happy to help.

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

CyberSmart, UK leader in simple and accessible automated cybersecurity technology for SMEs, has today announced the completion of a successful over-subscribed Series A funding round, bringing the total raised to over $10 million. Alongside deeptech fund IQ Capital and with the additional support of InsurTech specialist, Eos Venture Partners, and data science-focused Winton Ventures, CyberSmart is set to further disrupt the cybersecurity market. The funding will be used to enhance their product’s capabilities further, invest in channel partnerships as well as scale into the UK and beyond. In this way, playing a fundamental part in the company’s long-term goal to protect and empower SMEs globally.

The company drives value for customers and partners through its ‘golden triangle’ approach; supporting SMEs in protecting their data, assuring their security posture and providing tailored and affordable insurance coverage. CyberSmart’s intuitive online platform automatically and continuously assesses personal and company devices in real-time, alerting users when security and compliance standards have not been met. SMEs benefit from 24/7 monitoring and protection, government-grade assurance via Cyber Essentials certification and ongoing support with training, compliance, policies and procedures.

CyberSmart is collaborating with a number of insurance companies and strategic corporate partners across Europe, including Aviva and Starling, to ensure SMEs are protected and covered, whilst benefiting from reduced insurance premiums and policy excesses.

“The amount of support we have received thus far is humbling, and just goes to show the gap there is in the market for our offering. Cybersecurity solutions are often tailored to large enterprises with extensive teams and resources, whilst SMEs are left behind. With the help of our investors, we are challenging this mentality”- Jamie Akhtar, CEO and co-founder of CyberSmart

It is this comprehensive approach to cybersecurity and a focus on accessibility, both in terms of cost and functionality, that distinguishes CyberSmart from the crowd. This has driven an influx of capital and a wide variety of enthusiastic investors, with many current investors and angels doubling down on their commitment to the company.

“The amount of support we have received thus far is humbling, and just goes to show the gap there is in the market for our offering. Cybersecurity solutions are often tailored to large enterprises with extensive teams and resources, whilst SMEs are left behind. With the help of our investors, we are challenging this mentality,” said Jamie Akhtar, CEO and co-founder of CyberSmart. “Staying true to our mission of empowering SMEs to tackle cybersecurity is paramount. As such, despite the overwhelming interest we received from investors, we have been selective in determining who comes aboard as we define this new category for ourselves.”

“We are very excited to partner with Jamie and the brilliant team at CyberSmart. We’ve been impressed by the scalability of the technology, which is helping a fast-growing number of SMEs build their digital presence while staying secure”, said Antoine Pechin, Vice President of Winton Ventures. “We also think that CyberSmart can play a key role in developing the SME cyber insurance space.”

“We are very excited to partner with Jamie and the brilliant team at CyberSmart. We’ve been impressed by the scalability of the technology, which is helping a fast-growing number of SMEs build their digital presence while staying secure”- Antoine Pechin, Vice President of Winton Ventures

“Cyber risks, particularly ransomware and malware attacks, are an ever-increasing threat to small businesses globally, with many SMEs facing a protection gap and lacking the knowledge, expertise, insurance coverage, and access to tools and resources to help protect their organisations, ” said Carl Bauer-Schlichtegroll of Eos Venture Partners. “The CyberSmart platform is a complete solution to easily support and protect businesses, demonstrated by strong early traction with thousands of customers and large corporate partners already leveraging the platform. We are excited to partner with this exceptional team and co-investors, and look forward to working with the Company to build on their achievements to date, further cementing their position as a leader in the cybersecurity sector.”

“IQ Capital has supported CyberSmart since their seed round and we are tremendously proud of CyberSmart’s rapid growth within the underserved SME cyber protection market,” said Kerry Baldwin, Managing Partner at IQ Capital. “We are pleased to continue working closely and to support the team on their growth and international expansion alongside the new investors.”