In the latest instalment of our Spotlight series, we talk to Red Circles ITS managing director Gavin Hitchmough about the Government-backed Cyber Essentials scheme.
Q: Hi Gavin, the first thing I read on your website was ‘Need help with your IT solutions? We can do it all.’ Sounds good, tell us a bit more about Red Circles ITS.
We were born about a year ago on the back of my 21 years working in IT services. As a company, we specialise in cyber security, working with IASME to become a certification body for the Cyber Essentials Scheme. We’re available for consultancy and deployment of all IT services. We’re particularly experienced with Windows server deployments, VMware vSphere, Office 365 implementation / migrations, Cisco network infrastructure, VoIP, web services and backup solutions. We’re also experts in identifying areas of improvement and offering clear guidance on best practice security frameworks, including IASME Governance and Cyber Essentials.
Q: There’s been a significant increase in take-up of the Cyber Essentials scheme over recent months. For those new to the scheme, what is it designed to do?
Cyber Essentials is designed to put the minimal controls in place to try and prevent cyber-attacks and vulnerabilities being exploited. Its purpose is to provide security and reassurance to the end party that they’re doing the basics to protect not only their data, but data belonging to their employees and clients.
Q: What does the Cyber Essentials scheme involve?
It depends on how far the client wants to go. There are two phases to it: Cyber Essentials and Cyber Essentials Plus. Cyber Essentials is a self-assessment exercise. As a company, we can provide as much or as little help as the customer requires. Cyber Essentials Plus is a more rigorous test of an organisation’s cyber security systems. This would involve us carrying out vulnerability tests to make sure the customer is protected against things like basic hacking and phishing attacks.
Q: How much does Cyber Essentials certification cost?
Cost-wise, the Cyber Essentials self-assessment is a fixed fee of £300+VAT. Cyber Essentials Plus involves a more hands-on approach. Costs for Cyber Essentials Plus are dependent on the size of the IT estate, but are very reasonable compared to what it could cost if you’re exploited.
Q: Your website says cyber security has become more necessary than ever. Why is that?
New cyber threats emerge every day. There are more and more people out there who are trying to exploit companies and individuals – and they’re getting more and more clever. Ultimately, you need to be one step ahead of the bad guy. Then there’s the issue of landing contracts. Nowadays, the Government and public sector expect you to have Cyber Essentials as a minimum.
Q: How has the shift to remote working impacted cyber security?
I personally wouldn’t say working from home is any more risky than working in the office. It depends on the solutions a business has in place. If they are to be exploited, that’s likely to come via email. Email is your biggest problem, that’s where most companies are exploited.
There’s a lot of focus on phishing at the minute. Phishing is likely to be where you get exploited first. I’d estimate that 75% of small businesses that have suffered a cyber-attack were exploited by email.
Q: One small business in the UK is successfully hacked every 19 seconds, according to a recent study. Do statistics such as that shock you?
Not really. Nowadays, an eight-year-old child could probably use an iPad better than I can, because they’ve had one since they were about three. Those individuals can grow up and be using a laptop by the time they’re aged seven or eight. Once they’re in their early teens, they’re playing games – and hacking is a game to some individuals. Some of them do it for profit, some do it for fun. Some do it to prove a point. It’s why cyber security should be among the top priorities for any business.
Q: Research also suggests that cyber criminals are increasingly targeting small businesses. Is that your understanding as well?
Yes, small and medium-sized businesses are probably the prime candidates right now. Across the UK, they lose tens of thousands of pounds a day through being exploited. The larger companies have a bigger budget for cyber security, so criminals often target smaller businesses instead.
Q: Ransomware has been a prominent threat to businesses for a number of years now. What kind of examples have you come across?
Going back five years or so I can recall one particularly tough week. I had one client notify me that they had ransomware on the Tuesday. Twenty-four hours later, I had a notification from a different client who said they also had ransomware which came from an identical email. The demand was £1,000 per folder, I think. You can’t afford to pay for that, so it really is vital you have cyber security in place.