Company: Information Security Made Simple
Location: Edinburgh, UK
Did you know that according to government research, 87% of small businesses suffered an online security breach last year?
Truststream Security Solutions was set up by Paul Sullivan and Bryan Thomson in 2011. Both Directors are passionate about security and the service they provide to their clients. As experts in security they saw the need for a business that approached security in a practical and pragmatic way but was tailored to clients needs. The company has grown and have worked with Virgin Money, Edinburgh College, Macdonald Hotels and Direct Line as well as numerous SMB’s. Truststream also work closely with the Scottish Business Resilience Centre and are a trusted advisor on the Scottish Cyber Strategy Group.
Every week there seems to be another story in the press about a high-profile company being hacked. Most recently the CEO of Target in America has stepped down as a result of a massive data leak last year that exposed the personal information of 70 million customer. However, the threat is no longer just to large, high profile companies such as Target, Sony, RSA and Adobe but increasingly SMB’s.
There are many common misconceptions among SMB’s around security threats to their business that are placing businesses at undue risk, but the perennial perception of the threat is:
It’ll never happen to me, I’m just a small business!
I’m sorry but the simple fact is if you’re in business, you’re a target. If you’re business is connected to the Internet then you’re already under attack. It is no longer a question of if but rather when and how. Hackers are exploiting this misconception to greater extents. There has been a very definite paradigm shift in the tactics of hackers globally that has resulted in SMB’s becoming a greater target for attacks. As larger corporations are beefing up their security (due to the increasing complexity of the threat landscape and regulations) and becoming harder targets; hackers are shifting their focus to less protected SMB’s because the chances of success are much higher and the potential returns can be just as lucrative.
The security industry relies heavily on the idea of fear, uncertainty and doubt to sell their wares. At Truststream we don’t agree with this approach. It is not the concept that we have issue with as much as it is the way it is used by many organisations to persuade companies to buy things they don’t actually need. However, a certain amount of fear is justified because the threat is very real. Cyber crime is estimated to cost Scottish businesses £5bn a year.
Information security needn’t be a daunting subject
While information security can seem a daunting subject, at Truststream we believe that security doesn’t need to be complex or expensive and believe strongly in the “Pareto Principal” (80-20 rule) when it comes to securing your business. You can reduce 80% of the risk to your business by focusing on making the correct changes /80% of the threats to your business come from 20% of your process and procedures. While there is no one solution that will solve all your problems, a secure business starts with the right culture that ensures that information security is everyone’s responsibility. Often people are the greatest security risk, not technology. You need to ensure that your staff are aware of the security implications of their day-to day actions. These will change for every business and even between departments within the same business.
How do you keep up with all of this?
The information security landscape never stands still and is changing every single day. As a business leader it is your responsibility to ensure the security of your business and your customers data. However, it is unrealistic to expect you to stay up to date with all of this while juggling the 101 other balls on a daily basis. That’s where we come in. The first thing to point out is that you will never be 100% secure from threats— unless you completely unplug from the Internet. You must therefore focus on achieving a state where risks are equal to or less than the financial cost to achieve that state. This ‘state’ is on a continuum and every organisation is comfortable with a different place on that continuum based on your business goals and the identifiable risks… and that’s OK. As such, we work closely with you to understand your business and your appetite for risk. Reducing the complexity down to simple actionable information that can be communicated clearly throughout the organisation in a way that is relevant to you and your business. This can take any number of forms from a full security audit, training and education of staff to full management and monitoring of cutting edge security products. Allowing you to get on with managing and growing your business comfortable in the knowledge that you have experts on hand to assist you at every step of the way. IT security can be a daunting subject – but it doesn’t need to be. The worst thing you can do is to bury your head in the sand and ignore the threat. We are always happy to have a chat over a coffee to discuss taking your first step towards making your business more secure.
The UK Government recognises the seriousness of the threat and are offering £5,000 worth of Cyber Security Support to SMEs.
Get in touch with Trustream and we can discuss what kind of support you can access for £5k and if applicable we can help you to apply.