Ensuring that Your IT & Digital Security Providers Bring Resilience & Rigour to Protecting Your Business Systems

JB Leitch’s IT Director Gareth Rowlands highlights the importance of ensuring that your digital partners are alive to the increasing threats to cyber security, signposting some useful resources to consider in procuring the right provider…
The creation of the National Cyber Force in 2021 and the introduction of the government’s £2.6 billion National Cyber Strategy illustrate a stronger approach to getting at-risk businesses to improve their cyber resilience in a climate of ever-increasing online threats unhindered by international borders. The coronavirus (COVID-19) pandemic has undoubtedly accelerated the global expansion of cyberspace, with the ways we live, work and communicate ever more dependent on critical systems in finance, energy, shopping and effective business management. The speed of change has also introduced increasing complexity, instability and risk. The past year has seen cyber-attacks on banks, schools, supply chains and businesses, with some brought to a halt by malicious ransomware and commercial spyware.
Before we consider the types of support you can draw upon from specialist providers, it is prudent first to consider the tools, protocols and policies your organisation has in place – or can readily introduce – to improve your security with immediate effect.
The National Cyber Security Centre (NCSC), launched by the Government in 2016, provides a single point of contact for SMEs, larger organisations, government agencies, the general public and government departments. The site offers a range of useful and practical resources that will increase your protection from the most common types of cyber-crime helping you to protect your organisation’s data, assets, and reputation.
Getting the Basics Right:
Some of the most practical resources the NCSC offers include:
- Cyber Aware offering simple advice to help small businesses and citizens stay safe online.
- Cyber Action Plan offering sole traders & small businesses a simple, personalised ‘to do’ list to help protect your business.
- The Small Business Guide shows how to improve cyber security within your organisation quickly, easily and at low cost.
- Small Business Guide to Response and Recovery helps small to medium sized organisations prepare their response to, and plan their recovery from, a cyber incident.
- Cyber Essentials shows you how to put technical measures in place to protect your business against the most common internet threats. You can also apply for a Cyber Essentials badge to demonstrate to customers your business takes this issue seriously. Cyber Essentials is recommended by the government for all organisations which rely on the internet.
The Centre also provides resources for larger organisations, and where there are complex organisational structures or varying levels of cyber awareness, The Board Toolkit can support a fluent conversation between Directors and Senior Managers and provide a toolkit for identifying risks, responsibilities and planning a consistent and universal approach to cyber security.
Choosing the Right Partner:
If the resources available above identify a risk to your business that internal resources cannot mitigate, it may be necessary to consider working with an external service provider who can work with you to develop and establish systems, software or solutions – either in your own IT infrastructure or hosted externally.
Knowing where to start can be daunting, particularly given the considerable number of consultancies, agencies and IT specialists that seem to have grown exponentially in recent years.
Selecting and procuring a provider that offers the technical expertise to understand and work with your organisation effectively may require a detailed brief outlining your current IT landscape, the nature of online services provided and the identified threats that could compromise your data and financial security. You will need the assurance that they have the capacity, expertise and resources to win your confidence and trust.
Again, the NCSC provides useful pointers in terms of the key criteria you should look for. Certification, assessment and evaluation standards are provided for registered suppliers in the context of each technical group of products or services available or required. A searchable database of certified firms and professionals can be found here: Verify suppliers – NCSC.GOV.UK
A Note on Procurement:
As per our previous procurement article published last year, which focused on best practice (Procurement, Tendering & Partnership: Finding the Perfect Fit – Flat Living (flat-living.co.uk)), there is then a question of how selective you wish to be in the openness of your tender, should you be able to develop a robust technical brief. It may be that the “three-way quote” approach is best suited to your needs, urgency and available resource. For more involved requirements you may wish to open the bid process to five, six or more potential suppliers, and require a pre-qualifying questionnaire, a bid document, and even a pitch presentation to dive further into the technicalities of your IT environment and needs. The key is to manage expectations within the specification document. Tendering can be a costly and time-consuming exercise for you – and for the provider. It is fair to establish the extent of the competition process and assess your ability to evaluate each bid both rigorously and fairly against core criteria.
In conclusion, the cyber security environment is evolving, both in terms of threats and mitigation. Future-proofing your partnership should be a key consideration and one of your core evaluation criteria. The risk profile of a supplier relationship can change, for example when the volume of data increases, new technology is implemented or if the organisation’s wider threat profile alters with new or upgraded services. It will be important to note how reactive to change your partner will be, and in terms of genuine added value, what changes they anticipate that you need to prepare for – being forewarned is being forearmed.
Should you have any questions relating to this article, please contact: [email protected]
About the Author:
Gareth is an accomplished Technology Leader with over 25 years’ experience of leading and managing a large service and product portfolio in complex, global environments, primarily within the Supply Chain sector and latterly the Social Housing sector.
Gareth is highly experienced in building and running global IT functions, selecting and managing offshore and onshore partners, delivering large-scale transformation programmes, managing all commercial aspects of IT functions and transforming infrastructure and operating IT environments. This has resulted in a long record of success in delivering best in class results for a large portfolio of global customers through combining a strategic, innovative and entrepreneurial approach and driving Customer First business solutions.
JB Leitch Ltd is a limited company, registered in England & Wales. This firm is Authorised and Regulated by The Solicitors Regulation Authority (registration no 498140) to provide