CYBER SEC RITY
July 2016 Issue 1
In this edition... in.brief
in.profile
in.solution
Keeping you up to date with news, events and legislation.
We meet Aaron Yates, CEO and founder of Berea.
How you can protect yourself against cyber-attacks
The Forum aims to support you, advise you and protect you whatever your business challenges.
brief Editor Leanda Hickman leanda.hickman@fpb.org
Deputy Editor Georgina Hodge georgina.hodge@fpb.org
Designer Caroline Janes caroline.janes@fpb.org
Researcher Thomas Parry thomas.parry@fpb.org Ian Cass Managing Director The Forum of Private Business ian.cass@fpb.org John Kilbey Senior Business Advisor The Forum of Private Business john.kilbey@fpb.org
Guest contributors Aaron Yates Founder and CEO Berea Group aaron.yates@berea-group.com Denise Warner Sales and Marketing Director Berea Group denise.warner@berea-group.com
Subscribe to in.forum
From the editor Hello and welcome to our first edition of “in.forum”. We are all excited about introducing our fresh new look and using a digital platform to bring you feature stories, guest articles and lots of interesting regular content. We have packed so much in to this edition including Cyber Crime - a hot topic for all businesses across the UK and worldwide. It is a priority for cyber security to be included within your risk management agenda, yet so many businesses are not even aware of what they need to do. So, we welcome Berea who give us some great advice on pages 8 and 9. We also chat to Berea’s Founder & CEO, Aaron Yates who tells us about how the business started and what Berea do for businesses. On pages 12 and 13 you will find out what makes him tick and his love for chickens!
Our aim is to bring you an online, interactive business magazine that is easy to read and understand and that you can contribute to and share. So please let us know if there is a hot topic you would like to know more about or if you have a burning business question you would like to ask. Whatever the reason, do drop us a note at marketing@fpb.org. We promise to respond to all your questions and you may even have a chance of being featured in our next edition.
Take a look at our in.help on pages 14 to 17 to read our responses on those burning issues facing small businesses every day. You can also read more about our Managing Director, Ian Cass, on pages 18 and 19, his future plans for the Forum and what his one super power would be.
Have a lovely summer and we look forward to seeing you again in September.
In the meantime, please get in touch, share your views and enjoy the read!
Leanda Hickman
The new Health and Safety guide All businesses, no matter how small, must comply with health and safety regulations.
Our comprehensive Health and Safety guide gives you and your business all the health and safety expertise that you need, with step-by-step guidance to identify the areas where you may not comply or need to make improvements.
Dates for your diaries
Make sure you have your diary handy and pencil these dates in.
Contents in.brief
in.profile
Keeping you up to date with news, events and networking opportunities.
Everything you need to know about Aaron Yates, CEO and founder of Berea.
in.feature
in.help
This feature article talks about the dangers of cyber risk and the real threat of cyber attack.
Need help? Ask a burning question or seek advice from our panel of professional experts.
in.solution
in.person
How can small businesses protect themselves against cyber attack? Here is the solution from Berea, helping to protect businesses from cyber risk and attack.
Find out more about the people who work at The Forum. This month we find out more about Ian Cass, how he likes his brews and what makes him smile!
In.feature brings you up to speed with the issue of the moment.
This feature article Think Before You Click focusses on the real dangers of cyber risk an
THINK BEF RE YOU CLICK The process of running a business uses online, mobile and cloud based technologies as part of everyday office functions and communications. IT equipment is used for accounting; there is an online presence for marketing purposes; an internet sales channel will exist to target new customers; an online filing system is used to be better organised and the list goes on...
nd threat of cyber attack.
What are cyber attacks and cyber risks?
80%
of SMEs do not use data protection
Every day there are cyber-attacks on UK companies from individuals or groups of people attempting to steal information and money, or disrupt business functions. The risks of these cyber-attacks occurring are prevalent and can occur at every point where a business uses any type of technology e.g. computers, smart phones, email, social media and storage devices.
Data from the Information Commissioner’s Office indicates that: 74% of small businesses suffered a security breach in 2015, and 93% of Data Protection Act breaches are caused by human error. The cost to businesses of these cyber-attacks is eye watering. The Government website is quoting costs of £65,000 to £115,000 for the worst cyber breaches, a crippling amount for a small business to swallow and this is at the low end – research from Experian suggests the average figure should be double this and according to an industry insider at one of the top banks the typical amount stolen is close to £500,000. And that is not all. The company could also suffer from loss of client accounts and revenue, brand reputation, direct theft of monies, legal consequences, redundancy and even business closure. In a situation where a data breach has occurred, typically these are only uncovered 6 months after it has happened.
Banks are in some cases part of the problem – while they are often happy to refund money taken from consumers accounts, it is the bank’s money and not yours that is often protected when it comes to business accounts. This may not be the case for your business – but it is advisable to ask for your terms and conditions to see why this is the case.
“60% of industry
experts identified employees as the biggest threat to business security” Small businesses are particularly vulnerable as they are not at the stage where they can recruit dedicated personnel to manage IT security or manage cyber safety training in-house so protecting the company from damaging cyber threats and attacks
becomes paramount. Less than 4% of small firms believe they have insurance against cyber crime – the good news is that if you are a Forum member then you are part of the 4%. Nevertheless according to Intel 80% of SMEs do not use data protection and less than half of businesses use email security. However SMEs do have one big advantage, particularly Forum members. 1 in 4 employees believe that cyber crime is a victimless crime and this is one reason why 60% of industry experts identified employees as the biggest threat to business security. Robust HR policies as well as taking reasonable precautions are key and are important reasons why 31% of SMEs suffer from employee breaches compared to 75% of larger firms. The indications is that it is going to get worse, certainly 59% of business owners believe it will in 2016. This is backed up by information from Kapersky labs which reported a threefold increase in new malicious programs in 2015 with 884,774 different programs detected.
Sources: http://www.telegraph.co.uk/sponsored/business/sme-home/case-studies/12140864/Cybercrime-statistics.html http://www.fticonsulting.com/insights/articles/employee-engagement-first-defence-against-cyber-crime https://www2.idexpertscorp.com/blog/single/employees-could-be-a-portal-to-cyber-attacks https://www.pwc.co.uk/assets/pdf/2015-isbs-technical-report-blue-03.pdf http://www.kaspersky.com/about/news/virus/2016/The_Volume_of_New_Mobile_Malware_Tripled_in_2015
THINK BEF RE YOU CLICK
How can you protect your business against cyber threats?
Cyber safety can be achieved by protecting your computer-based equipment and information from unintended or unauthorised access, change, theft or destruction. The encouraging news is that implementing good cyber security needn’t be time intensive or costly and can be done yourself. Below are a few useful pointers: Assess how cyber secure your business is by using
Compete the free online training which helps
a quick self-assessment questionnaire.
employees and business owners with an online
It won’t take long and it’s free to use.
introduction to protection against fraud and
If you see a computer behaving unusually or any
cyber-crime.
unauthorized person or device at work, then
Put in place usage policies for IT and social media
report it immediately to your line manager, IT
and make it clear to everyone what is expected.
manager or director / partner.
Apply for the Cyber Essentials badge to
Check what you are responsible for with your
demonstrate to customers your business
providers, not just the bank but with any supplier
takes cyber-crime seriously.
who is operating on the cloud such as your CRM provider or E-Commerce company.
Keep patches up to date and make sure everyone in the company knows their responsibilities
Use strong passwords, install security software
and if possible include this in their employment
and download software updates as advised by the
contracts. Our help line can support you with this.
Government-backed Cyber Streetwise.
Just call 01565 626001.
Educate yourself and your staff with the cyber risks: Visit the GOV.UK website and download the FREE Cyber Essentials documents.
Training to help your business stay cyber safe Good cyber security can enhance the reputation of your business and could even open up new commercial opportunities. For more information on cyber security training for small to medium sized business and for a wide range of free online training packages visit GOV.UK Here you will find a wide range of free online training packages for you and your staff to help protect your business against potential cyber threats, cyber-attacks and online fraud.
Putting cyber security on your risk management agenda We know that cyber security incidents are on the increase and that small businesses are looking for additional protection and peace of mind. That’s why we have partnered with Berea, a company who is an expert in cyber security solutions that can provide the support you need to make your business totally cyber safe. To find out more about cyber security and how you can put this on your risk management agenda, visit page 8 to read the article from Berea.
CYBER SEC RITY
With experts warning that cyber-attacks will only increase and that businesses must do more to protect themselves against
losses, do you have Cyber Security on your risk management agenda and what does cyber security really mean?
Can you afford not to have Cyber Security on your risk management agenda? When the “World Wide Web” began in 1991, no one could have ever predicted what the digital world would look like today. Currently there are over 5 billion internet-connected devices, 2 billion people online with billions set to join over the next decade and a total of 8 trillion changing hands last year in online commerce. This rapid growth in cyberspace makes it an increasingly valuable and important arena for UK businesses. However, as well as opportunities, it’s a double edge-sword due to the associated risks it presents. As we put more and more online and “into the cloud”, businesses need to be confident that their employees, networks, and process supporting their prosperity are knowledgeable, secure and resilient. Cyber security incidents are frequently hitting the headlines now, usually relating to large corporates. You may be surprised to learn that it’s not just big business that is suffering. In fact, 38% of small businesses were attacked in the last year (a rise of 33% from 2014) and it is predicted that this number will double in 2016. Despite the rise in both awareness and
incidents, many small to medium sized businesses are still not being proactive in addressing cyber as a part of their risk management strategy. This may be due to a lack of understanding, confusion as to what to do, a lack of time and availability or perhaps a belief that it will never happen to them. Whatever the reason, it is the responsibility of company directors to ensure the safety and security of their staff, clients, data and finances. Berea helps businesses to understand and address cyber security. Our approach is to normalise the subject, remove the fear and embrace the risks. Cyber security has parallels to your office fire safety. Once you know what and where the problems are, you can be proactive and do something about securing against the risks.
For example, you may engage an expert to install fire extinguishers and provide the relevant training. However, without the training and the understanding of when and how to use them, the extinguishers are little more than an ornament, unable to protect your employees and your business is greatly reduced. Similarly, engaging an expert to help understand and address the risks that cyber security presents can improve the protection of your staff, your clients and your business. Learning about the threats that exist, identifying where you might be vulnerable, and understanding how to mitigate the threats reduces risk, and improves security. This is where Berea can help.
Berea’s cyber security solutions Expert support
Training (in person)
Training (online)
Additional support
Health Check
Cyber 101
Cyber AMI
Designed to help businesses understand their current position, identify key areas of risk, and provide direction on what the next steps should be.
Executive briefing for Directors and Senior Managers who are concerned about information security and data protection, and their position towards it.
Cyber Safety At Work Advice Pack
In Depth Analysis
Cyber Security Awareness Training
A web-based cyber security training portal designed to give a business a cost effective alternative to using a consultant. It provides an individual within a business to access 13 modules of cyber education. No previous cyber experience needed and the UK Government’s Cyber Essentials is built in – allowing you to achieve the Cyber Essential standard.
For businesses who require additional expert support in developing and / or implementing a cyber security strategy.
Empowering employees to understand and address cyber security, thereby reducing your business’s biggest exposure to cyber risk.
Help your business stay cyber safe
Cost effective staff cyber risk awareness that reinforces employee education to reduce incidents. Helps demonstrate activity to support data protection legislation and supports ISO 27001 and Cyber Essentials compliance.
Thinking of advertising? Get in touch for more details: marketing @fpb.org
FREE online guides to support your business
View our free Forum guides on issuu
Health and Safety Guide 2016 Helping you keep up with the many requirements for health and safety The Forum’s Health & Safety Guide brings together the basics of health and safety in one easy-to-understand guide and provides you with all the tools you need to ensure your business is legally compliant.
Step-by-step guidance The guide offers comprehensive, up-to-date information on all the current legislation and gives you step-by-step guidance to ensure that you can demonstrate your management arrangements for health and safety to the HSE, local authorities, clients, insurance companies, solicitors, clients, etc. as well as providing a safe working environment for your employees and customers. Covers topics relevant to all businesses such as risk assessment, manual handling, PPE and fire safety to sector-specific guidance, including offices, shops, construction, warehousing and care homes. Easy-to-follow checklist format enables you to identify the areas where you do and don’t comply, or need to make improvements. More than 30 customisable templates including risk assessments, inspection checklists and briefing forms help you take action towards compliance. Forum helpline access for your health and safety questions, plus the extra reassurance of our health and safety partner MD Safety Management who can provide additional support*.
Call us now on 01565 626001 View our digital Health & Safety guide sample
E
yt r ve
u need to kn o y ow ng i h
CEO and founder of
A
ni
m
al
lov
er
Scu
ba
v di
er
ab o u t
Hello Aaron... Founded in August 2010, Berea branched very boldly in to an area known as “cyber”. We asked a few questions of the founder, Aaron Yates, to find out what makes him tick and why cyber protection?
Where does the name Berea come from? I wanted a name for the business that was simple and ultimately that would tie me back to my roots. The name comes from Berea Road in Port Shepstone, South Africa, where my grandparents lived.
Why did you establish Berea? I saw business owners incurring pain that my knowledge could have helped them avoid. I decided to leave the digital marketing industry to advise businesses on cyber risk and to assist with those risks that had materialised into full blown disputes or security incidents. We’ve evolved substantially since then to meet the emerging and growing cyber risk within the business world.
How did you get into technology? I fell in love with the potential of computers when I was 12 years old. My parents had no idea why I enjoyed reading through webpage source code or customising my PC; it was alien to them. I wanted to know how computers worked, and how to make them work. Some school friends and I were in a band and we even figured out a way to write songs using the Internet as we lived too far apart to practice. And that was when we were 13 and using “dial-up” Internet!
What does Berea do, exactly? We help businesses to understand and address cyber security from an initial “Cyber MOT” to assisting with the UK Government’s Cyber Essentials standard.We are the trusted partner for firms that want to safeguard their business, its reputation and their clients.
So what makes you tick? I’m a keen scuba diver and have my PADI Advanced Open Water qualification I also enjoy snowboarding and golf (not at the same time), when time permits. I am also an animal lover and have a dog, a cat and two horses. I am preparing for a discussion with my partner around extending the family to include micropigs, goats and chickens!
Contact Berea for an informal chat about your cyber security, quoting Forum Newsletter.
help in.help is your opportunity to ask a burning question or to seek advice from our panel of professional experts. We hope that others will also benefit from these shared responses. If you would like to get advice from our experts then please get in touch by emailing marketing@fpb.org.
I am a small business and am considering redundancies. What are your top tips? The Forum’s Senior Business Advisor, John Kilbey replies: Act quickly
Establish a matrix
If you are considering redundancies then this is the time to take appropriate action. Employers tend to hang on hoping that the situation improves and spending cash on wages when they should be looking to consolidate the company position. Often this leads to more redundancies at a later date or even the closure of the business.
If you are considering making more than one person redundant, then you need to consider establishing a matrix of selection criteria from which you can base your decision on. Avoid including selection criteria that could be potentially discriminatory. To find out how to create one, refer to your Employment Guide 2016.
Cut back early
Before you act, call us!
Earlier cut backs can maintain the company position and stabilise it building a firmer foundation for employing more staff later. Establish which roles are at risk of redundancy. Ensure that everyone who does the same job is put at risk. Employees off sick or on Maternity leave can still be made redundant, contrary to popular belief.
If you are considering going down the route of making people redundant, it is imperative that you call us to discuss your options. We can help advise you so that you avoid making costly mistakes in the future. Call the helpline on 01565 626001.
For more information, please refer to Dismissal and Redundancy section in your Employment Guide and visit our site...
As an employer, how important is it for me to provide my staff with a contract of employment? The Forum’s Managing Director, Ian Cass replies: At The Forum, we cannot stress the importance of providing staff with an up to date contract of employment. Not having a contract leaves you exposed, especially if there is an event where a dispute occurs that reaches an Employment Tribunal. If this situation occurs, you may well find that your employee is entitled to greater benefits and protection than they would have otherwise received and that you are also at a greater risk of a heavy fine.
With regards to new employees, it is useful to remember that they need to have been employed for two years before they gain full employment rights. This gives you the opportunity to remove a problem employee from your company without engaging in a full disciplinary process. As with all employment issues, please remember that it is vital that you let us know before you take any action.
Read further information about employment contracts
“If you are considering going down the route of making people redundant, it is imperative that you call us to discuss your options. We can help advise you so that you avoid making costly mistakes in the future.”
help In my business the holiday year runs from 1st April to 31st March. As Easter fell early this year, could you tell me how this impacts my employees’ quota of holidays? The Forum’s Senior Business Advisor, John Kilbey replies: As you are an employer who has a holiday year that runs from 1st April to 31st March, you will have been impacted by Easter falling in March this year. Every member of staff is entitled to the statutory 28 days holiday that includes bank holidays. As Easter was early this year, the two bank holidays taken for Good Friday and Easter Monday will have fallen in to last year’s allocation as they were before the end of year cut off point of 31st March.
Next year (2017), Easter returns to April which means that in this forthcoming year (from 1st April 2016 to 31st March 2017), your staff will be two days short of the statutory minimum of 28 days. Therefore, you will need to either offer your staff an extra two days holiday or, alternatively, close the office for a two day period. By taking this approach, you will be providing everyone with the number of holidays they are entitled to by law.
“ If your business uses, or has a form of reliance on technology or computerised information (smartphones, the Cloud, etc.), then cyber risk is applicable to your business.”
“Next year (2017), Easter returns to April which means that in this forthcoming year (from 1st April 2016 to 31st March 2017), your staff will be two days short of the statutory minimum of 28 days.”
I am a small business and I don’t think cyber risk is applicable to my business. Aaron Yates, Founder and CEO at Berea explains: Where a cyber incident occurs, technology isn’t often responsible as, in most cases, it’s a people problem. Businesses are adopting technology solutions at incredible speeds. Small businesses are more likely to be early adopters for reasons including cost savings, increased agility and creating competitiveness. The problem (and the root of a small businesses agility) is that they don’t have the governance mentality that larger firms put in place to avoid issues around cyber risk. Whilst this makes small businesses more nimble, it does leave them more exposed to the adverse effects when something goes wrong.
Therefore, if your business uses, or has a form of reliance on technology or computerised information (smartphones, the Cloud, etc.), then yes, cyber risk is applicable to your business. The encouraging news for agile small businesses is that there are ways to protect your business against cyber risk. To find out more, read our article on Cyber Risk and how we all need to ‘Think before you click’. It is also worthwhile reading the supporting article on Cyber security from Berea as they offer small businesses the protection they need from cyber attacks and the risks associated with this.
The advice given on this page is for guidance only. Please contact us if you need further help Email: marketing@fpb.org Call: 01565 626001
person Find out more about the people who work at The Forum.
Here is where you find out what’s happening behind the scenes at The Forum and about what tickles (or doesn’t tickle) one person in particular. This month, it’s Ian Cass, Managing Director of The Forum, a man who likes his brews and who brings a smile in to the office…
Hello Ian... Can you tell us a little bit about yourself? I am happily married with two children, Ella and Louis, and have lived in Knutsford for many years. I have done various sales roles in my time and brought this experience with me when I joined The Forum as a Sales Director. I quickly progressed to Managing Director eighteen months ago during which time I co-founded and launched Hunters Gin. Hunters is a brand new, high quality drinking gin that is well suited to Cheshire lifestyle and is now an established and well-known brand across the UK. In addition to my busy and exciting role at the Forum and supporting the growth of Hunters, I also like to sail, clay pigeon shoot and I especially enjoy eating my wife’s cheese scones.
What do you do at The Forum? I am very passionate about planning the strategy of the business to achieve our business goals and I fully support the small and medium business sector being a business owner myself. I also like to make sure everyone is happy at work. My belief is that the work environment should be relaxed and friendly. There is a very flat structure which helps to promote creativity and a strong team spirit.
What is most important to you and to The Forum? It’s vital to have a strong business foundation that enables us to support small businesses and entrepreneurs that want to be innovative and grow. We achieve this by focusing on two key elements: • The provision of support, advice and protection to all our members ensuring they are happy and satisfied with our offering and service. • The building and strengthening of partnerships to improve our membership offering.
What do you enjoy most about your job? I enjoy seeing the small businesses we support and protect achieve their own goals and flourish as a result. Our team of efficient and knowledgeable staff is on hand at all times to advise and support the business owner in their wellbeing, growth and profitability.
Where do you see the Forum in 12 months time? My aim is to continuously improve our membership offering ensuring our members have access to the things that are important to them and that we are there to offer the best advice when they need it. Entering in to The Forum’s 40th year, it would be great to reach out to even more small businesses and to experience more growth and business success.
If you were to choose one super power what would it be? I would love to be in two places at once – imagine how much you could achieve in one day!
Business support you can turn to and trust. Need advice? Call 01565 626001 Whatever issue you’re facing, we’re here to help your business 24/7. Always call before you act to ensure you are covered by our legal protection insurance.
Are you making the most of your membership? Call our membership service team on 01565 626001 who are on hand to help you take advantage of all that membership has to offer your business.
Forum of Private Business Limited Ruskin Chambers, Drury Lane Knutsford, Cheshire WA16 6HA Registered in England and Wales: 01329000