You’ve probably heard the phrase BYOD before. ‘Bring Your Own Device” has been the darling of business and technology journalists for much of the last decade. And BYOD really is more than just hot air and hyperbole. For SMEs, it has the potential to change the way we approach procurement and resourcing forever.

However, what you’re less likely to have read about, is its connection with the Cyber Essentials certification. So, if you’re considering taking the plunge and adopting a BYOD policy, read our short guide first. 

What is BYOD?

BYOD, or Bring Your Own Device, is simply giving employees the option to use their own devices for work. And this can mean everything from their own smartphones through to tablets and laptops. 

Why do businesses adopt BYOD?

Like most business decisions, the benefits of switching to BYOD are largely cost-based. As any SME founder will tell you between grimaces, procuring hardware for all your staff can be eye-wateringly expensive. So having employees use their own is an immediate boost to a businesses’ bottom line. A Cisco report into BYOD found that businesses using it saved on average $350 per person, per year. 

But it’s not all about the money. BYOD also offers employees greater choice over the tools they use for work. Anyone who’s ever used an Apple laptop at home and Windows machine at work (or vice versa) knows how annoying it can be to keep switching between operating systems. So why not let your people choose? 

On top of this, BYOD can provide productivity benefits. The same Cisco study revealed that workers save an average of 81 minutes per week by using their own devices, or nine working days every year. And it can even improve employee wellbeing. In a study produced by Samsung, 78% said it helped them achieve a better work-life balance. 

What does it have to do with Cyber Essentials? 

So BYOD has many benefits and is becoming ever-more popular in the UK – 45% of UK businesses in 2018 had some form of BYOD plan. But what does this have to do with Cyber Essentials?

Well, it’s actually very simple. Any device being used for work purposes is likely to connect business networks and access company data. This poses security risks. 

As we discussed in our recent ebook on remote working, employees using their own devices to access company networks and data can present a host of problems. Personal devices will often have inferior security tools to business ones. Employees are less likely to follow strict security protocols on their own devices. And, there’s plenty of evidence to suggest that we all engage in riskier behaviour when using our personal laptops and phones.

All of this can expose your business to unnecessary risks. But it doesn’t mean you need to scrap your plans for BYOD.

Does Cyber Essentials cover BYOD? 

If a device is used to connect to the business network or access any business information, then it should be considered within the scope of Cyber Essentials. This includes doing some after-hours work on your home computer, accessing the company Google Drive, and even browsing work emails on your mobile. 

If a device is used to connect to the business network or access any business information, then it should be considered within the scope of Cyber Essentials

It’s all too easy to fall into the trap of considering personal devices some separate entity, entirely disconnected from work. But that just isn’t the reality of many of our working lives. In our ‘always-on’ culture the personal and professional have a habit of bleeding into each other, particularly in an era when many of us are working remotely. 

This means it’s vital you ensure that all devices used for work, whether personal or company-provided, follow the core tenets of Cyber Essentials. For example, ensuring security settings are switched on and up-to-date, anti-malware tools are installed, and apps are regularly updated. 

What if you don’t have a formal BYOD policy? 

Even if your business doesn’t have a formal BYOD policy, it’s still important you guard against the threat posed by personal devices. To illustrate, at CyberSmart we don’t have a formal BYOD policy, but we know many of our people use their phones to access emails and files. 

So to ensure we’re not giving cybercriminals a backdoor into the business, we ask that every employee installs CyberSmart Active Protect on any device they might access work from. The CyberSmart app constantly checks any device that it’s installed on is compliant with Cyber Essentials and flags any problems to both us and the user. This means that however our staff choose to work, we can be sure they’re doing it safely. 

BYOD has the potential to totally transform the way your business looks at procurement. But it also requires good cyber hygiene if it’s to be liberatory rather than a liability. So if you’re considering adopting BYOD, start by getting Cyber Essentials certified. 

If you’re like most businesses, you’ve probably spent most of 2020 in a convoluted game of musical workspaces. January to March in the office. March to August at home. Back in the office for September and October. Then back home again for November.

Fortunately, it looks like the end is in sight. Several pharmaceutical companies are on the verge of creating an effective COVID-19 vaccine. However, even with the discovery of a vaccine, it’s unlikely our working environments will ever return completely to their pre-pandemic state. 

Many businesses, as well as their employees, have noted the benefits remote working can bring. And this is leading to an increasing number considering making the switch for good. However, if your business is thinking about adopting remote working full-time, or even just cutting the hours you spend in the office, there are a few things you need to know.

To help, our team of cybersecurity and compliance experts has created a new guide, Cyber Safety in a New Era of Work. In it, we tackle a few of the questions on everybody’s minds and show you how to make the transition to remote working safely. 

What’s in the guide? 

Our guide is broken down into three parts. First, we look at how we got here and what’s driving changes in the way we work, including the benefits of remote working. Then we look at the cybersecurity risks working from home presents for a small business.

Finally, we look at ways to overcome the challenges remote working brings. No CyberSmart guide would be complete without some simple steps small businesses can take to protect themselves. 

Download our new guide here or follow the link below.

Three really is the magic number for CyberSmart. We’re delighted to announce we’ve been nominated for three awards at the upcoming Network Group Awards 2020.

Who is Network Group?

Network Group is a member-owned organisation committed to transforming the customer experience and driving customer-led growth in the tech sector. It aims to do this by providing tech business leaders access to peer group support, development tools and new opportunities.

What are the awards for?

We’ve been nominated in three categories at this year’s awards: 

• Specialist Vendor of the Year
• Business Product of the Year
• Biggest Impact New Partner

We’re especially pleased to have been nominated in the ‘Biggest Impact New Partner’ category. Firstly, because we’re up against some truly innovative businesses. And, secondly, because our goal is to make an impact globally. 

Cybercrime is projected to cost the world $6 trillion annually by 2021, and 58% of it targets small businesses. Meanwhile, businesses with the resources to weather continuous cyberattacks are gaining an unfair advantage over small businesses who don’t. We call this the ‘cybersecurity gap’. 

Our aim is to help SMEs all over the world bridge this gap, by improving their understanding of cybersecurity and giving them the tools to better protect themselves. So, to be recognised as making an impact, even at this early stage, is real motivation for 2021 and beyond. 

Are you a small business looking to improve cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

‘Patching’ is one of those cybersecurity terms that sounds simple and homespun while somehow also appearing technical and complex. But in reality, patching is one of the easiest ways to protect your business against cyber threats. Here’s everything you need to know about it: the what, the why and the how. 

What is patching?

Remember how your mum would fix your school uniform with a patch of similarly coloured fabric when you ripped it falling over in the playground for the hundredth time? Well, the same principle applies to patching in cybersecurity. 

Over time, even the best software develops vulnerabilities, suffers a breach, or simply becomes outdated. It could be that the software was built with vulnerabilities that weren’t anticipated at the time or it might be that a new cyber threat has emerged. Whatever the reason, software developers get around the problem with security patches. 

Just like the million little fixes to your school trousers, security patches are small adjustments. They don’t change the fundamental function of the software, but they do get rid of ‘holes’ a cybercriminal might exploit to access your data or systems. 

Why is patching important? 

The best way to illustrate why patching is so important is to give an example of what happens when it isn’t used. Remember the Wannacry ransomware attack back in 2017?

The crisis began when the USA’s National Security Agency (NSA) discovered a vulnerability within Microsoft Windows. However, rather than report this immediately to Microsoft, the NSA used its knowledge of the vulnerability to create software capable of exploiting it. Unfortunately, cybercriminals then stole this tool from the NSA and used it to launch the Wannacry attack. 

The result of this unpatched vulnerability was an onslaught of ransomware that cost organisations across the globe $53 billion, including a £92 million bill for the NHS. 

Why is this relevant to SMEs? 

Of course, as an SME, it’s unlikely you’re sitting on software vulnerabilities that could put an almighty dent in the global economy. But that doesn’t mean patching isn’t important. 

If the tools you’re using – say, your operating system or anti-virus software –  have vulnerabilities, it gives the bad guys an easy route into your systems. Once they’re in, confidential employee information, financial data, and everything else your business guards closely, is at their fingertips. 

And it’s not just your business. As Wannacry proved, a weak link anywhere in a supply chain puts everyone in at risk. 

How do you make sure your business is protected?

The best thing about patching is that it’s the simplest thing you can do to improve your business’s cybersecurity. All it requires is that you continually update the software and tools you use. This could mean checking for updates every few days or just simply switching on the auto-update setting for all company devices.

This is very easy to do on a personal level. But what about if you scale this practice up company-wide? Surely keeping track of several or even tens of employees’ devices is tricky, to say the least?

There are two relatively simple routes around the problem. 

Clear security policies

The first is clear company security policies. Make it clear to your people that everyone needs to update software as soon as a new version or patch is released and explain why. Most of us are more likely to adhere to a policy if we know why it’s there and what we risk if we don’t follow it. And don’t squirrel it away on some long-forgotten corner of your company server. Ensure everyone has access and knows where to find it. 

Use an active protection tool

The second approach is to use an active protection tool like CyberSmart Active Protect. Active Protect scans all of your company devices every 15 mins, checking everyone is using the latest versions of software and security settings are configured properly. If anyone in your business has missed something, you’ll know about it through the CyberSmart Dashboard.

Our products can even help with creating clear policies. CyberSmart Policy Manager allows you to host your security policies in-app and distribute them to all company devices. So you can be sure everyone has access to and reads your organisation’s policies. 

Although it doesn’t sound like much, ensuring every tool your business uses is running the latest version really is the first step to a safer working environment. So why not start making it part of your routine today?

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

If you’ve been considering improving your cybersecurity lately, chances are you’ve come across the phrase ‘cyber hygiene’. And you’re probably also wondering what it means. Cyber hygiene is one of those slippery phrases that seems to change meaning depending on who’s using it.

So, in the interests of clearing up some confusion, here’s our guide to cyber hygiene. What it is. Why it’s important. And, what it looks like in practice. 

A definition of cyber hygiene 

Simply put, cyber hygiene is the steps and practices every organisation should take to ensure good digital health and protect themselves against cyber threats. The idea behind cyber hygiene is that these practices should become part of our day-to-day routine. Think of it as a bit like your physical hygiene, say brushing your teeth twice a day, washing your hands regularly, or wearing a face mask. 

Why is it important?

In the same way that if you don’t look after your teeth you’ll eventually end up with a hefty dentist’s bill, your cybersecurity needs constant maintenance to avoid a breach. 

But cyber hygiene’s importance goes beyond simple maintenance. There’s a widespread perception among SMEs that cyber-attacks are something that happens to bigger, higher-profile companies. It’s not hard to see why- after all, the news cycle is filled with tales of the latest Fortune 500 behemoth to suffer an embarrassing breach.

Unfortunately, this couldn’t be further from the truth. According to research from the Federation of Small Businesses, in the last two years alone, SMEs were subject to 10,000 cyberattacks daily. And 1 in 5 reported suffering a breach during the same period. 

In the last two years alone, SMEs were subject to 10,000 cyberattacks daily

What’s more, the risks are only growing with many businesses switching to remote working. A recent report from VMWare reveals that 91% of businesses globally have seen an increase in cyber attacks since countries began implementing lockdown measures. On top of this, home office networks are 3.5 times more likely to be hacked than corporate ones. 

Maintaining a good standard of cyber hygiene is the most effective way to guard against all of these threats. 

What does good cyber hygiene look like in practice? 

We’ve tackled why cyber hygiene is important but what does achieving it actually involve? 

Good cyber hygiene is probably best divided into three broad categories: occasional check-ups, daily routines and good behaviours. Let’s take each in turn.

Occasional check-ups 

People are often surprised by how many cyber threats can be averted simply by giving your corporate devices and networks a regular health check. When software is out of date, firewalls and anti-malware aren’t switched on, or security settings aren’t configured properly, you provide cybercriminals with an easy route into your business. 

Start by checking every device in the company is running the latest version of any software you use and it’s security settings are configured to the highest level of protection. Also ensure that your network is secure and that all anti-malware and firewall tools are switched on, up-to-date and configured properly. 

Daily routines 

Cyber hygiene is as much about what you do and how you do it as it is about maintenance. A great place to start is by putting in place universal practices across your organisation.

This includes steps like setting up a strong password policy, using two-factor authentication for anything coming in or out of your business and keeping work devices for work purposes.

Good behaviours

Few of us set out to put our workplace at risk with our actions online. But we’re all human. And whether it’s through misunderstanding the risks or just being a little careless, many of us do exactly that on a daily basis.

Getting everybody on your business on the same page about your cybersecurity standards is just as important as keeping your tech fighting fit. The best way to do this is to ensure your business has clear, understandable policies in place so everyone understands what they need to do (or not do). And it’s no use hiding them away on some long-forgotten corner of your server. Make sure they’re easy to find and everyone has access to them. 

Three simple ways to get your cyber hygiene up to scratch 

The steps we’ve outlined so far might feel a little overwhelming. Where do you start? Surely running through all that will take forever? And what do you do if cybersecurity isn’t really your forte?

Fortunately, there are three very simple routes to improving your cyber hygiene – regardless of your budget or level of expertise. 

1. Get a Cyber Health Check

Before you start improving your organisation’s cyber hygiene, you need to know your current level. In other words, it’s time for a check-up.

Our soon-to-be-released Cyber Health Check is a simple way to assess your current level of cybersecurity. We’ll run some tests to check how you’re doing. Then, once we’re done, we’ll send you a free downloadable report to tell you what you need to improve and some recommendations for how to do it.

2. Get Cyber Essentials Certified 

Another option is to complete the UK government’s Cyber Essentials certification. The scheme covers the essential actions every business should take to ensure its digital security and protect against cyberattacks. Cyber Essentials assesses five criteria on the way to certification: 

• Is your internet connection secure?
• Are the most secure settings switched on for every company device?
• Do you have full control over who is accessing your data and services?
• Do you have adequate protection against viruses and malware?
• Are devices and software updated with the latest versions? 

Not only does the Cyber Essentials scheme cover all of the maintenance steps we discussed earlier, research also shows it could help protect your business against 98.5% of cyber threats. And that’s not all. Many government bodies require Cyber Essentials certification from any supplier or service provider they work with. So getting certified could open up new avenues for your business.

Even if you’re not likely to work with the public sector, Cyber Essentials certification is a great way to demonstrate to customers and potential partners that you’re serious about protecting their data.

3. Use an active protection tool 

As we’ve said throughout this piece, maintenance is key to good cyber hygiene. But that doesn’t mean you have to set aside a day each month to check your defences are in order. There’s a far simpler, less time-consuming way to achieve the same thing.

The CyberSmart Active Protect scans your company devices 24/7, checking for updates, firewalls and security measures. If anything’s configured incorrectly or out-of-date Active Protect lets you know, allowing you to fix issues in a couple of clicks. And, to make sure your people stay safe, Active Protect lets you check on the individual status of their devices, and distribute company security policies across them.

Practising good cyber hygiene is a necessary part of modern business. But, as we’ve hopefully demonstrated, it doesn’t need to be time-consuming, complex or costly. So why not get started today? After all, where’s the harm in a check-up?

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

Most of us hate budgeting. Sure, we all know an accountant who lives their life by the iron law of the spreadsheet. But, for most people, budgeting is just a tiresome task that’s necessary for the nitty-gritty of daily life. 

The same thing applies to running a small business. While we might not enjoy it, maintaining a sensible budget is often the difference between running a successful SME and joining the 60% who fail in their first five years. 

But while we’re all aware of the need for balanced books, there’s one aspect of budgeting that doesn’t often figure highly in SMEs’ plans. Cybersecurity. Here’s why your defences against cyber threats should be as important to your budget as OPEX or CAPEX. 

Budgeting for a changing world 

Change is part of a business. And every business, big or small, exists in a state of flux. When you think about it, it’s simply the natural order of things. Many of the technologies and business functions that are now crucial to modern organisations were niche concerns as recently as twenty years ago. Likewise, many things that were once considered indispensable are now close to obsolete. 

A great example of this is printing. Pre-internet, written communication between branches or with customers and suppliers was costly and time-consuming. Essentially, businesses were given a choice of print and fax or print and post – and this was seen as a totally necessary expense. 

Fast forward 30 years and few businesses print much beyond contracts and brochures. Printing is rightly seen as wasteful, environmentally destructive and unnecessary.  

Yet, while businesses have been quick to discard old methods, they’ve been slow to start thinking about cybersecurity in the same way as more traditional expenses.

Why don’t we include cybersecurity in our budgeting? 

So why don’t many of us take cybersecurity as seriously as we should? It can’t be that the risks aren’t high enough.  A 2019 study revealed that over 50,000 UK SMEs would collapse if hit by a cyberattack. And, 1.4 million businesses were hit by major attacks last year, costing them a combined £8.8bn.

Nor is our apathy towards cybersecurity necessarily down to cost. According to Offix, the average business spends £579 per person, per month on printing expenses. Yes, you read that right. Printing; the process we just described as almost obsolete. 

1.4 million businesses were hit by major attacks last year, costing them a combined £8.8bn.

If we take the average SME with a staff of ten employees and multiply that figure by a 12, that’s £5,790 per person, per year. For a business of the same size to invest in Cyber Essentials Plus certification and the CyberSmart platform for one year the cost is £3397.

Not only is that a saving of £2,393, it would also provide complete peace of mind that the business was protected from 98.5% of cyber threats. 

So if neglecting cybersecurity isn’t a value-based decision, what’s driving it?

Why do we view cybersecurity differently?

It’s actually very simple. Although the need for good cyber hygiene becomes more pressing every day, our perceptions of cybersecurity lag behind. Many SMEs view cybersecurity as complex, confusing and expensive. Something better left to big companies with big budgets. 

It’s not difficult to understand why people feel this way. There’s long been a ‘cyber privilege gap’ between large enterprises who can afford teams of experts, expensive consultants and the latest tech and everyone else. But, SMEs can no longer afford to invest the minimum and pray they don’t get attacked. 

Attacks against SMEs are on the rise. And it’s being compounded by COVID-19. VMWare’s recent report reveals 91% of businesses have seen an increase in cyber attacks as a result of employees working from home.

What can you do to better protect your business? 

Despite the perception proper protection is out of reach for many SMEs, it doesn’t have to be. 

CyberSmart Active Protect is built for SMEs. It offers a simple, step-by-step journey to securing your business – with no need for cyber expertise or extra expense. We’ll assess how you’re currently doing with a free cybersecurity healthcheck. Then, once we know where you’re at, we’ll guide you all the way through to achieving security you and your customers can rely on. 

In short, CyberSmart enables your business to: 

• Protect itself 24/7 with regular checks of all company devices
• Ensure your people and anyone accessing your data is working safely and cyber aware, with shareable security policies and protected devices – whether company or employee-owned
• Prove to customers and suppliers you’re cyber secure by completing government-standard cybersecurity certifications

In our troubled times, SMEs face a fight against the odds to stay afloat. It’s estimated as many as 600,000 could shutter their doors for good in 2020. But surviving doesn’t have to mean spending big. Instead, it’s about spending smart. And that starts with cybersecurity.

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

Today is a very proud day at CyberSmart. In a time where we could all do with cheer, we’ve got great news. We’ve won UK Innovative Vendor of the Year at the 2020 CompTIA UK Spotlight Awards.

Who is CompTIA?

CompTIA is a global not-for-profit trade association, promoting excellence in the tech industry. As part of CompTIA’s mission to elevate the best the tech world has to offer, it hosts an annual award ceremony celebrating outstanding contributions from the previous year.

What’s the award for?

CompTIA’s Innovative Vendor of the Year award is open to any tech business that has demonstrated innovation – whether within their own business, working with clients or impacting the wider industry. 

For 2020, the awards had an extra element. Candidates who have shown leadership in their community or industry during the pandemic have been given special consideration.

We’re honoured to have won Innovative Vendor of the Year. Our mission has always been to address the ‘cyber privilege gap’ between large enterprises who can afford the best in cybersecurity and SMEs who are often left behind. 

The COVID-19 crisis has made our work more important than ever. As many SMEs switch to permanent remote working, they’ve become a prime target for cybercriminals. And good cyber hygiene and access to cybersecurity knowledge have never been more vital to protecting small businesses. 

To win an award which recognises our own small contribution to a safer digital world is an honour. But it’s also a great motivation to double down on our efforts in 2021. 

We’d like to thank our backers, everyone at CyberSmart who made this nomination possible and, of course, small businesses everywhere. 

Are you a start-up looking to improve cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

According to government statistics, the UK has a cybersecurity problem. More specifically, a ‘skills gap’. But what do we actually mean by a skills gap? How did we get here? And, what can smaller companies do to address it? 

What do we mean by a ‘skills gap’? 

Although the phrase ‘skills gap’ is a neat way to describe the problem, it’s a little vague. Whose skills are we talking about? Does it mean that every small business should have a bonafide cybersecurity expert in-house? 

Let’s dig a little deeper.

The Department for Digital Culture, Media and Sport (DCMS) defines the skills gap as businesses ‘lacking staff with the technical, incident response and governance skills needed to manage their cybersecurity.’ 

The DCMS backs this definition up with some pretty alarming statistics. 48% (some  653,000) of businesses in the UK have a ‘basic’ skills gap. This means they lack the confidence to carry out the fundamental security tasks laid out by the Cyber Essentials scheme. These include things like setting up configured firewalls, storing or transferring personal data, and detecting and removing malware. 

But the problems don’t end there. 

Approximately 408,000 businesses (30%) have more ‘advanced’ skills gaps. These include areas such as penetration testing, forensic analysis and security architecture. Another 27% have a gap when it comes to incident response. 

Looking to improve your cybersecurity but lack the skills to get started? Check out the CyberSmart platform. It’s your automated, in-house cybersecurity officer.

Why does the UK have a cybersecurity skills gap? 

To get to the bottom of why the UK has a cybersecurity skills gap, we have to look back. Way back. Specifically, we’re heading to the 1990s – a decade of Britpop, Blairism and bad fashion, and when the internet began to take off as a public utility. Of course, the internet had been around in some form for much longer, but the late nineties marked the point when businesses and consumers really started to use it. 

At the dawn of the modern internet, cybersecurity knowledge was mostly confined to the experts. Universities were just beginning to offer qualifications in the subject and some of the more forward-thinking businesses were offering staff training. But, for the most part, cybersecurity expertise was the preserve of academics, tech companies and a handful of specialist firms. 

Fast forward a couple of decades and not much has changed. Even though every business and individual now uses the internet for nearly every daily task, cybersecurity teaching in schools remains in its infancy and optional most of the time. Many universities now offer cybersecurity courses but it is a niche subject, usually studied by postgraduates. Meanwhile, few businesses offer anything more than rudimentary cyber skills training that usually culminates in ‘switch your antivirus on’. 

All of these things combined have created a world in which very few of us know much about cybersecurity. In turn, this scarcity has made cybersecurity expertise one of the most sought after skills in the UK economy. 

For SMEs, hiring your own in-house expert is prohibitively expensive. And even outsourcing the problem to a specialist firm is still likely to take an almighty bite out of your IT budget. So, short of humming loudly and pretending the problem doesn’t exist or heading back to school, what can small business leaders do about it? 

What can SMEs do about it? 

Some things will always require calling in the experts. If your business is covered on the basic skills front but needs more advanced knowledge, you’re probably not the average SME and it’s worthwhile consulting with specialists or hiring an in-house guru.

However, for everyone else, there’s a lot you can do to protect your business without in-house skills or eye-wateringly expensive expert help. Let’s take a look at some options. 

Take a government-standard certification 

The UK government has been worried about our collective lack of skills for a while now. In the past few years, you’ve probably seen or read news reports about encouraging kids to study STEM subjects and learn basic coding skills. But while these are noble aims that will improve society tremendously in 10-15 years, we need a solution now. 

So, back in 2014, the UK government created the Cyber Essentials scheme. The scheme covers the essential actions every business should take to ensure it’s digital security and protection from cyberattacks. Think of it as ‘cyber hygiene’ –  a bit like washing your hands, brushing your teeth or wearing a face mask. 

And this approach really works. Research from the University of Lancaster reveals that businesses can mitigate cyber risks by as much as 99%. What’s more, the certification process is relatively straightforward. The entry-level Cyber Essentials certification is a self-assessment that can be taken and passed in as little as 24 hours. 

The more advanced version, Cyber Essentials Plus, includes an onsite or remote assessment from an expert and is a little more complex. However, this can also be completed for little cost in a few days. 

If you’re unsure of which is right for your business, take a look at our handy guide covering the differences in more detail. 

Automate the problem 

Cyber Essentials certification is a great starting point. But your business’s cybersecurity requires year-round maintenance. It’s a bit like your car or bicycle. You might put it in for a service or MOT once a year, but in the period between visits to the shop, components wear out or break, leaving your vehicle less than roadworthy.

The same is true of cybersecurity. It’s very unlikely that nothing will change in the year between Cyber Essentials certifications. Software will need to be updated, new devices are added, and previously unknown threats emerge. 

Tackling this manually is a job in itself, one that few SMEs have the skills, budget, or time for. Fortunately, you don’t need to run out and nab a recent cybersecurity graduate from your local university. Tools like the CyberSmart Active Protect can keep an eye on your cybersecurity for you all year long.

This automated software continually scans for vulnerabilities, such as out-of-date software, incorrectly configured security settings and switched off defences. All you need to do is flick a switch if something’s not right, and the platform takes care of the rest. 

The UK’s cybersecurity skills gap will shrink. Heavy investment in the sector and the generation of burgeoning experts in our schools and universities point to a more secure future. However, this doesn’t mean we all have to wait until 2030 to do business safely. There is plenty your business can do today without expert knowledge. 

Are you looking to improve cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

The fifth generation of wireless technology, or 5G, promises many things. But beyond grandiose pledges of hyper-connected living, truly scalable virtual reality, and a new golden age for business, 5G’s rollout has been far from smooth.

Unless you’ve (wisely) been consciously ignoring the news, it’s hard to miss the furore surrounding 5G. First, came British 5G towers being pulled down and set on fire due to COVID-19 conspiracy theories. Next, the UK’s decision to ban Chinese firm Huawei from its 5G network. Then, a backlash from environmental activists lamenting 5G’s potential footprint. 

But away from the big headline stories, there’s another side to 5G. It’s a potential gamechanger for small businesses. 

What benefits does 5G offer to small businesses? 

5G provides a host of benefits to small businesses, ranging from the simple to the fantastical. 

Speed

5G networks are engineered to be fast. Really fast. The most transformative part of 5G is its ability to reduce the time (or ‘latency’ if you prefer the techy term) it takes for data to get from one point to another. 5G promises speeds up to seven times faster than the fastest 4G browsing experience. 

For small businesses, this could improve everything from communication with customers to remote working to video conferencing. 

Smart offices

The term ‘smart office’ was all the rage a couple of years ago. We were promised a world of self-booking meeting rooms, automated energy controls and desk-monitoring software. The theory went that this would usher in a new era of happy, engaged employees, optimised office spaces,  and reduced real estate costs. 

However, at the time, the technology to truly automate the office environment wasn’t quite there. With 5G, that’s all about to change. The availability of superfast internet could finally make smart offices available, for very little cost, even to small businesses. 

Looking to improve cybersecurity in your business? Start by getting Cyber Essentials certified. 

Real-time communication

5G’s low latency could transform the way businesses communicate. Imagine a world in which your interactions with customers, staff and employees took place instantly, wherever they are in the world. 

No more waiting for emails to come through. Files uploaded to shared drives in seconds. And, video conferencing that doesn’t freeze every five minutes. That’s the future 5G promises. 

Remote working 

Unless you live in Sweden or have been extremely lucky, chances are you’re reading this at home. Most businesses have had to learn how to work remotely in the last six months. And, for the most part, we’ve all adapted well. 

However, we’re all familiar with the problems working from home presents. How well you’re able to work remotely largely depends on the quality of your internet connection. The additional capacity and speeds 5G offers could change this. Instead of playing the postcode lottery, employees will be able to access high speeds and low latency in even the worst internet black spots. 

IoT

The internet of things (IoT) is another term you’ll have heard a lot in the last few years. But beyond many of us using voice-controlled devices in our homes, it’s yet to really take off. 

5G’s improved connectivity will allow businesses to link up everything from printers and smartphones to office monitoring software.

The bottom line

In short, 5G will make small businesses more efficient, extending their ability to do more with fewer resources and in less time. And this won’t just save costs, it’ll also improve customer experience and boost revenue as a result. 

What risks does bring 5G bring for SMEs? 

Unfortunately, the benefits of 5G apply to cybercriminals as much as they do businesses. 

More attacks 

Although stronger, faster connections are a boon for small businesses, the same is true for cybercriminals. As businesses use 5G as a platform to innovate, so will the bad guys. 5G provides a better tool to launch sophisticated cyberattacks faster, more efficiently, and in greater numbers. 

More opportunities for cybercriminals 

5G enables greater use of IoT devices. And this will have huge benefits for small businesses.

Gartner predicts that there will be 20.4 billion IoT devices in use globally by the end of this year – just in time for the widespread launch of 5G. 

However, with more connected devices, comes more opportunities for the bad guys to break in. It only takes one poorly secured device for cybercriminals to find their way in. And, while it’s always been the case that one weak link is enough, IoT devices increase the risk simply because there are so many of them.

Decentralisation could lead to disruption 

This risk is a little more complex, so bear with us while we run through a short history lesson on network security. 

Traditionally, networks were hub and spoke designs. Essentially, everything flowing through a network eventually came back to the central hub, usually a data centre. This made practising good cyber hygiene pretty simple, as you could protect everything from this central point.

With 5G, these ‘hubs’ are decentralised to a web of digital routers throughout the network. This means that there isn’t a central point where everything can be checked and cybersecurity protocols put in place. Instead, this needs to be done throughout the network, upping the chances security will be overlooked and cybercriminals given a route in. 

What should you do to protect your business? 

Although some of the risks we’ve outlined above are the responsibility of internet service providers, you should never rely on secondhand security alone. There are plenty of things you can do to ensure your business reaps the rewards of switching to 5G, without exposing it to greater risks. 

Check the right security is in place 

Run regular checks to ensure every device used in your business is equipped with the best security capabilities. This includes any IoT devices you’re using such as voice assistants or smart printers. Tools like CyberSmart Active Protect can help automate this process, by running a scan of all devices every 15 mins. 

Make sure software is up to date

No one likes running software or operating system updates, but it is important. Often software providers will include patches to fix known vulnerabilities in updates, protecting you against new cyber threats. Ensure all software is configured to update automatically across all company devices or perform regular checks. 

Get Cyber Essentials certified 

According to a report from Lancaster University, the measures laid out by the UK government’s Cyber Essentials (CE) scheme can mitigate 98.5% of cybersecurity risks. If you’re not already CE certified, following the process will help you build a great base level of security before you make the jump to 5G. 

Maintain good password hygiene

We say it a lot, but setting up a password policy and ensuring everyone follows is a vital step. Always use complex passwords, change them regularly, and set up two-factor authentication, 

Clear security policies 

If you don’t have a security policy in place for 5G and the use of IoT, now’s the time. But it’s not enough just to have a security policy in place, your people also need to understand it. Check all security policies for workers are clear, easy to follow and stored in a central location everyone can access. 

5G is here. In less than four years time one billion devices will rely on it, and your business will very likely contain some of them. Of course, this brings risks. But the bad shouldn’t outweigh the good. By adopting a policy for 5G early and establishing simple, but effective security protocols you can make sure your business is primed to ride the next great wave of connectivity. 

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

We’re proud to announce CyberSmart has been nominated in the UK Innovative Vendor of the Year category at the 2020 CompTIA UK Spotlight Awards.

Who doesn’t love an awards ceremony? The sense of camaraderie with the other nominees. The tension. And the chance to celebrate this year’s greatest innovations in a room full of like-minded people. 

So we’re delighted to have been invited to the 2020 Comp TIA Awards. CompTIA is a global not-for-profit trade association, promoting excellence and standards within the tech industry.

What’s the award for?

The Innovative Vendor of the Year award is open to any tech business demonstrating innovation or an approach that has transformed their organisation, a client’s, or the wider industry. For 2020, candidates who have shown leadership in their community or organisation during the COVID-19 crisis will be given special consideration. 

We’re particularly excited to be nominated in the innovation category. The COVID-19 crisis has brought the importance of good cyber hygiene into sharp focus. With many small businesses working remotely, cyber threats are on the rise. And these conditions have made our mission to help SMEs better protect themselves more crucial than ever. 

What does the future hold?

We started CyberSmart with the goal of innovating a much-neglected part of the UK economy: cybersecurity for SMEs. This nomination is confirmation that we’re on the right track. 

But we won’t stop here. We’re determined to be a force for good in the world. We won’t rest until good cyber hygiene is part of every SME’s daily routine – much like brushing your teeth or washing your hands. 

We’d like to thank our backers, everyone at CyberSmart who made this nomination possible and, of course, our customers.

Are you a start-up looking to improve cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.