James Kelsh, our Head of Information Security, discusses how in-house IT departments can benefit from the support of our security services team, in light of the release of the Guernsey Financial Services Commission's Cyber Security Rules & Guidance.
The past year has seen Guernsey experience two lockdowns and the introduction of the GFSC’s Cyber Security Rules & Guidance. An isolated and more mobile workforce has made for softer targets for cyber criminals, with cybercrime rocketing during lockdowns. And, depending on which stats you read, there is a global deficit of cyber security experts of anywhere between two and four million, and rising. An increasingly heavy workload for in-house cyber security experts has got a whole lot heavier.
Is it therefore realistic to expect your in-house IT department to cover this as well as the myriad other day-to-day IT duties they are required to perform, not just to keep the lights on but to make sure your IT is a helper and not a hinderer of your business's growth? Or is it more cost-effective, and ultimately more secure, to place the cyber security burden with third-party cyber security experts? And if it is, what can they offer you?
They should be able to offer you a range of security services, including all the areas covered in the five core principles as laid out by the GFSC.
The first is Identify: our cyber security assessments clearly highlight the specific vulnerabilities within your business. When these are plotted against a business’s own risk register, we can identify where improvements can be made.
Protect and Detect require you to have the appropriate policies and controls in place, which we can assist with; these include endpoint protection solutions, email & web filtering, mobile device management, multi-factor authentication, patch management, data loss prevention tools and so on. The Guidance also recommends certification, specifically Cyber Essentials. With our own qualified Cyber Essentials+ assessors and IASME Gold Governance auditors, and having held both standards ourselves for many years (and as the first in Guernsey), we have extensive experience in assessing, auditing and certifying for these certifications.
The Guidance also recommends training for employees, who are often, unwittingly, a company’s weakest cyber link. We offer cyber security awareness training (all staff should attend at least once a year), as well as continuous simulated phishing email training, so staff are constantly exposed to what they should not be clicking on.
Under Respond & Recover, businesses will have to demonstrate that they have cyber incident response and disaster recovery plans in place and that they regularly test those plans, so they are ready in the event of an incident. We have helped numerous businesses with these plans, whether fully cloud, completely in-house or a mixture of both.
Every client needs a different piece to complete their cyber security requirements, so each request for in-house support is different. We’ve externally audited information security management systems, highlighted gaps and then assisted in filling them. Other clients have engaged us for our vCISO (Virtual Chief Information Security Officer) service – we take on the responsibility for their information security management system, giving them complete security of mind and systems.
By working with us, you are gaining access to a complete team of IT security experts, all with their own specific areas of specialism. You are gaining security peace of mind with an experienced and qualified information security team, who offer a range of services and industry-recognised certifications. Long or short term, they are here to provide extra support for your in-house IT team, making sure you meet all regulatory requirements and more.