Basic CyberSecurity covers many of the digital security issues that smaller SMEs need to confront. However, organisations which:

  • Allow staff to work from home; and/or
  • Must ensure that they are GDPR compliant; and/or
  • Hold large volumes of client sensitive data (e.g. lawyers, accountants, financial intermediaries etc.); and/or
  • Are attractive targets for ransomware attacks (e.g. larger commercial organisations, financial institutions, government bodies, healthcare organisations etc.).

may well require more advanced levels of protection.

Here we outline the following resources that are designed to help those organisations which face greater levels of threat:

  1. The UK Government's 10 steps to CyberSecurity.
  2. The NCSC's Cyber Essentials or Cyber Essentials Plus status.
  3. CyberSmart - CyberSecurity Made Easy.
  4. Darktrace - Artificial Intelligence Protection.
  5. Tailored Legal Advice.

For added protection, we suggest that you also consider taking out suitable insurance.


If your organisation faces a high Cyber threat level, the UK Government's 10 steps to CyberSecurity provides a good starting point to assess that risk and the system of protection that you have in place.

See: the video explaining the 10 Steps to CyberSecurity.

These 10 Considerations are as follows:

Risk Management

Take a risk-based approach to securing your data and systems.

Engagement & Training

Collaboratively build security that works for people in your organisation.

Asset Management

Know what data and systems you manage, and what business needs they support.

Architecture & Configuration

Design, build, maintain and manage systems securely.

Vulnerability Management

Keep your systems protected throughout their lifecycle.

Identity & Access Management

Control who and what can access your systems and data.

Data Security

Protect data where it is vulnerable.

Logging & Monitoring

Design your systems to be able to detect and investigate incidents.

Incident Management

Plan your response to cyber incidents in advance.

Supply Chain Security

Collaborate with your suppliers and partners.


The NCSC's Cyber Essentials programs help you to guard your organisation against cyber-attacks. They help you guard against the most common threats and demonstrate your commitment to CyberSecurity.

There are two levels of certification:

  • Cyber Essentials

The NCSC's self-assessment option gives you protection against a wide variety of the most common cyber attacks. This is important because vulnerability to simple attacks can mark you out as a target for more in-depth unwanted attention from cyber criminals and others.

Certification gives you peace of mind that your defences will protect against the vast majority of common cyber attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.

Cyber Essentials shows you how to address those basics and prevent the most common attacks.

The Cyber Essentials readiness toolkit: your responses to the questions in the toolkit help create a personal action plan to help you move towards meeting the Cyber Essentials requirements.

  • Cyber Essentials Plus

Cyber Essentials Plus still has the Cyber Essentials trademark simplicity of approach, and the protections you need to put in place are the same, but for Cyber Essentials Plus a hands-on technical verification is carried out.

Getting Certified?

The NCSC's Cyber Essentials Partner, the IASME consortium, can help you to get certified.

Why should you get Cyber Essentials?

  • Reassure customers that you are working to secure your IT against cyber attack.
  • Attract new business with the promise you have cyber security measures in place.
  • You have a clear picture of your organisation's cyber security level.
  • Some Government contracts require Cyber Essentials certification.

If you would like to bid for central government contracts which involve handling sensitive and personal information or the provision of certain technical products and services, you will require Cyber Essentials Certification. More information is available on the gov.uk website.

For more information on Cyber Essentials and how you can qualify - see the next section: CyberSmart - CyberSecurity Made Easy.


CyberSmart - Simple, affordable CyberSecurity for SMEs. CyberSmart makes CyberSecurity easy. Their automatic compliance platform makes sure your business meets recognised security standards, mitigating 98.5% of attacks, all in a few clicks.

CyberSmart also helps you reach Cyber Essentials, Cyber Essentials Plus and GDPR Readiness security levels within 24 hours. (As part of Active Protect, you’ll also receive access to the CyberSmart Academy – simple, bite-sized training to help your staff develop the skills they need.)

To have a no obligation chat about your requirements and how CyberSmart could help, please feel free to email or call Sam Greig on +44 (0)330 818 7714.

Work safely from anywhere. You need to be sure that employees’ devices are up-to-date, correctly configured and password protected. Without this, your data could be at risk. CyberSmart Active Protect checks laptops and mobiles for the key security requirements, reports on any problems, and gives you the tools to fix them – all delivered in simple, jargon-free language.

CyberSmart's solutions include 4 key modules:

  1. CyberSmart Active Protect: Say hello to 24/7 protection from cyber threats, with no need for expensive tools, consultants or an in-house team. Active Protect secures all employee devices that touch your company data. Simply send the downloadable link to your staff and Active Protect will check around the clock for the most common cyber threats and vulnerabilities – giving you everything you need to proactively manage risk.
  2. Cyber Essentials: CyberSmart is the UK’s leading provider of Cyber Essentials certification. They'll have you certified in as little as 24 hours. No jargon. No endless back and forth. And all the expert guidance you need to pass first time.
  3. Cyber Essentials Plus: Cyber Essentials Plus also includes an independent assessment carried out by one of CyberSmart's licensed auditors. Customers don’t have to take your word that you’re cyber secure – they can rely on the expertise of a professional.
  4. GDPR Readiness: Cyber Essentials certification covers some elements of GDPR compliance, but for complete reassurance that you’re doing the right thing, the IASME GDPR Readiness certificate is recommended. This doesn’t make GDPR any more complicated than it needs to be. CyberSmart will guide you through the process step-by-step and get you certified, fast.

Pricing

CyberSmart offers 4 Pricing Plans.

  1. CyberSmart Protect + CyberEssentials
  2. Cyber Essentials + CyberEssentials + IASME GDPR Ready
  3. CyberSmart Protect + CyberEssentials + CyberEssentials Plus
  4. CyberSmart Protect + CyberEssentials + CyberEssentials Plus + IASME GDPR Ready

These plans also offer Cyber Insurance. When a UK-domiciled organisation with a turnover under £20m achieves self-assessed certification covering their whole organisation to either the basic level of Cyber Essentials or the IASME Standard, they are entitled to opt in to £25,000 of cyber insurance, terms apply.

Additional Resources:

CyberSmart also provides an extensive Knowledge Base covering:

  • Getting Started
  • User Guides
  • Cyber Essentials and IASME
  • CyberSecurity Learning Centre
  • CyberSmart Academy
  • CyberSmart Complete

CyberSmart's blog covers even more CyberSecurity-related tips, suggestions, explanations and advice.


Artificial Intelligence - Advanced Protection by Darktrace. As mentioned in the Introduction, larger, more complex organisations will require more sophisticated security solutions. This then raises the question "what does my organisation need?" Answering it requires not only an analysis of your current infrastructure and its current requirement, but also an assessment of what future threats you will face.

If your organisation’s IT security team struggles with a lack of manpower and visibility, and could benefit from state-of-the-art AI protection from the likes of zero-day ransomware, insider threat, data exfiltration, phishing emails, social engineering and beyond, Darktrace may well be the answer to your security needs.

The Approach

Darktrace uses Self-Learning Artificial Intelligence (AI) to build an understanding of your unique business. This enables the AI to autonomously detect, investigate, and respond to novel and sophisticated threats across your digital ecosystem - without the need for human input or fine-tuning.

Darktrace learns about your organisation by observing how users, devices, and applications typically behave, forming patterns and continuously revising its understanding in light of new evidence. This enables Darktrace to understand your organisation's "normal" and therefore to detect subtle signals of malicious activity as they appear.

Are you:

  • Worried about Ransomware?

Darktrace stops ransomware in seconds.

Because Darktrace learns your business, not the breach, it knows how to contain only the malicious activity, avoiding the unintended disruption of normal business operations.

Ransomware is the number one threat vector that Darktrace AI responds to with its Automated Response capability. In addition, Darktrace for Email provides the first line of defence for ransomware by identifying spear phishing attacks before they reach you.

See: Fight Ransomware with AI

  • An organisation with <250 employees?

Darktrace Immune System for SMEs empowers small security teams, allowing even the smallest security team to protect their dynamic workforce from the most sophisticated threats.

See: Darktrace for Small & Midsize Businesses

  • Keen to enhance your current Microsoft security protocols?

Darktrace and Microsoft have partnered to help organizations enhance their cyber security across multi-cloud and multi-platform environments. Darktrace complements Microsoft's security with self-learning AI that detects and autonomously responds to novel cyber-threats that evade other defences.

See: Darktrace & Microsoft: Securing the Future of Work Together.

  • Concerned about phishing attacks and email security?

Darktrace’s Antigena Email has been voted #1 on Gartner for both integration and overall capability for >1 year.

94% of cyber-threats originate via email, and legacy defenses at the border continue to fall short. Yet whenever Antigena Email and legacy defenses are deployed in the same environment, Antigena consistently neutralizes external threats and data loss that evade email defenses at the border.

See: Why Antigena Email?

  • Open to testing the Darktrace AI for free in your own environment?

Darktrace offers a free 30-day trial process, where the AI can be deployed over email / network / endpoint / cloud / SaaS – or the whole lot, depending on where you’d like increased visibility and protection.

As an added benefit, during the trial you’d have access to Darktrace’s own in-house SOC (120 analysts between Singapore, San Francisco and Cambridge) – a huge asset in terms of protection for your organisation, and an excellent opportunity to observe the value-add whilst bolstering your own environment’s security.

See: Antigena Email and Protecting the Dynamic Workforce for more information about running your free trial.

See: Darktrace's YouTube Channel for a host of short videos covering all aspects of CyberSecurity.