In collaboration with the new Guernsey Startup Hub these are our top tips for small businesses to help keep them secure online at this difficult time

Welcome to this week's cyber tip Tuesday, this week James is talking about vulnerability management.

Vulnerability Management is much more than just the act of applying patches to vulnerable computers.

It's the process of identifying, eliminating or mitigating technical vulnerabilities within an organisation and it includes the ability to track and report on progress and trends.

Vulnerability Management is not a one-time project where you identify and fix all of the vulnerabilities within your organisation.

It's an ongoing method of managing and reducing the risks associated with modern business practices and the use of technology.

If you'd like to know more about Vulnerability Management or how you can better secure your business, get in touch.

Welcome to this week's Black Arrow Cyber Tip Tuesday, this week I'm talking about firms thinking about how dependent they are on technology to operate.

Have you ever stopped to think how dependent your business is on IT and thought about how long you would be able to continue if you lost access to your data or systems for any period of time?

Thinking about email alone, how long could your business operate without being able to access email?

All firms are technology firms now to one extent or the other and many do not appreciate just how dependent their operations are on IT.

A loss of your IT systems could be catastrophic to a business and making sure you have plans in place so you know what to do and how you will be able to recover are critically important.

Talk to us to see how we can help with planning and preparedness to help ensure your business can survive.

Welcome to this week's Black Arrow Cyber Tip Tuesday, this week Tony is talking about how many users are not as good at spotting phishing emails as they think they are, and how that overconfidence can be dangerous.

It has been proven that users are not as good at spotting phishing emails as they think they are, and as many as 1 in 4 users will fall for fairly basic phishing attacks.

Traditional training and awareness around phishing is not working and firms need to take a different approach.

One of the things firms should be doing is simulating phishing attacks against their own staff and this is something will be very pleased to help your organisation to do.

We can administer and run campaigns on your behalf, including providing reports you can deliver to your Boards.

For regulated financial service firms we know this is something that the GFSC are expecting firms to be doing on a regular basis, at least quarterly.

Welcome to this week's Cyber Tip Tuesday.

This week James is doing the first of a series looking at specific technical controls, this week Mobile Device Management, or MDM

You may have heard of MDM… but what is it?

Mobile Device Management is the technology used to administer mobile devices such as phones, tablets and laptops. Because these devices often run across platforms provided by different vendors, for example, Apple's iOS, Google's Android or Microsoft Windows they must be managed by a product that is compatible with all of them.

If your company's confidential data is stored or accessed on any of these devices then it is important that you extend your technical controls to encompass the unique security requirements and vulnerabilities that can be exploited to gain access to it.

If you'd like to know more about MDM or other technical controls, please contact us.

Welcome to this week's Cyber Tuesday and hopefully you've all survived this storm unscathed.

This week we're talking about patching.

Installing updates as soon as possible after vendors make them available is a very good way to help keep your systems secure, and good patch management remediates, or prevents, a huge number of threats.

Having said that Microsoft in particular of late have had issues with some of their updates so make sure you either test the updates on a non production environment first, that is on systems that aren't critical to you running your business, such as a dedicated test environment, or for smaller businesses that don't have the luxury of a test environment maybe wait a few days or a week or so before updating. Contact us for more info.

Welcome to this week's Black Arrow Cyber Tip Tuesday.

This week we are talking about why it is important to us to be independent and how our independence helps us and helps our customers.

As an independently owned and operated business we are able to be completely impartial and objective, we are not tied to any vendor, product, service provider or supplier, and this means we can objective and transparent in our approach.

We offer true independence and can advise on a range of different solutions to meet all budgets.

We can work with you whether you have IT in house or whether you outsource your IT to an external third party provider, and remember anyway that information security goes far beyond just being an IT problem.

Talk to us to see how we can help you to evaluate the efficacy of the controls you have in place or where you might benefit from new ones.

Welcome to this week's Black Arrow Cyber Tip Tuesday. This week James is talking about dangers from Internet of Things (IoT) and Shadow IT devices that may have crept onto your corporate networks. Do you know all the devices on your network? Do they introduce security risks to your business?

In an increasingly connected world, the security umbrella with which you protect your organisation’s information assets is constantly expanding. At the fringes and often overlooked by businesses, are the Internet of Things (or IoT) and Shadow IT.

The Internet of Things consists of an ever-increasing number of physical devices with network connectivity features. Often people associate IoT with smart consumer devices. However, there are many IoT devices which also exist in a corporate environment and they’re are often overlooked when a company evaluates its information assets. As such they remain invisible to your Vulnerability Management strategy and can seriously compromise your security posture.

Conversely, Shadow IT refers to software and applications that aren’t sanctioned by your company but have instead been installed by users (often to fulfill a single task and then they’re forgotten). This isn’t always a bad thing, except when these applications have access to company information but lack the controls and governance surrounding sanctioned applications. In which case they pose a significant risk to the security of your data and your business.

Contact us to discuss how you can decrease risk by increasing visibility.

Today we are talking about tools, as no tool, or suite of tools, can offer one hundred percent protection, after all anything man made can be man broken!

Even if a tool did offer complete protection today there will be teams of people around the world working around the clock to break it.

Anyone who says they rest easy or who says they sleep well at night because they have a particular tool is likely overconfident in that tool's ability to keep them safe.

Multiple layers of protection are needed and any technical solution still needs to be backed up with robust people and governance controls.

We can analyse your protections to see where your weaknesses might exist, and we can help shore up people and governance controls too.

Welcome to a special Christmas Eve 2019 Black Arrow Cyber Tip Tuesday.

Christmas is a time for giving so we thought it would be an ideal time to mention the services we give free of charge to help protect Guernsey and the local community.

1. Mentoring: if you are looking to start or progress your career in cyber security, you could be eligible for our mentoring program consisting of a rolling series of one to one meetings to see where our experience and guidance can help you.

2. Free 30 minute chats for Startups and Entrepreneurs: a free 30 minute consultation for new startups and entrepreneurs to help ensure they are getting the fundamentals of cyber security in place to protect their growing business.

3. Free pro bono advisory services for charities and non-profits: we are giving one day every month to support those that support our communities in Guernsey, to help them protect themselves, using where possible, or where appropriate, low or no cost solutions.

Black Arrow Cyber Consulting wishes everyone a Happy Christmas and a safe, secure and prosperous 2020

Welcome to this week's Black Arrow Cyber Tip Tuesday.

This week we are talking about the ways that ransomware attacks are changing and getting even more nasty, and how  firms and individuals will need to strengthen their approach to protecting themselves.

Traditionally the main defence against ransomware was having backups of your data, such that you could revert to a good copy of your data if you got infected, now though criminals are going after your backup data too, especially if these backups are stored on your networks, so it is now even more critical to have offline copies of your data that cannot themselves be infected.

The other significant development seen recently is now not only are criminals holding your data to ransom they are also now threatening to release your confidential data to the public.

Many firms will not survive the damage caused to their reputation if customers and investors see their private and confidential data is available for the world to see.

The only way to defend against this is to avoid being a victim in the first place, and this includes the principle of defence in depth using multiple layers of protection and different controls.

Talk to us today to ensure you are doing all the things you should be doing to keen yourself safe from ransomware.

This week’s Tip Tuesday focuses on Charities and how cyber security affects them.

Charities can be an attractive target for cyber criminals who want to access charities' information or funds.

Unfortunately, charities often do not have the expertise to establish good cyber hygiene, but they still need to operate in the same connected world as commercial organisations with larger budgets.

If a charity experiences an attack, then ultimately it is the wider community that suffers.

That is why charities need to take appropriate steps to secure themselves against a cyber-attack.

Fortunately, many of the things that charities will benefit from doing can be achieved with little or no cost, and Black Arrow also provides pro bono advisory services to charities in Guernsey to show how this can be done.

Welcome to this week's Black Arrow cyber tip Tuesday, this week we are talking about lessons we can learn from the Titanic.

Cyber security is a lot like the titanic, people often ignore warnings until it's too late. The day the Titanic sank the crew received seven iceberg warnings, yet such was the competition to make the crossing in six days, orders were given to maintain the speed of the ship.

They thought they could ignore the warnings and steamed on ahead in the mistaken belief they would be unaffected.

Now, if they'd heeded the warnings and slowed down they would have stood a better chance of avoiding the icebergs, and in particular the iceberg that led to their sinking.

That's not to say good security means you need to slow down, not wishing to mix my metaphors but brakes were not added to cars to make them go slower, brakes were a necessity to be added to cars to allow them to go faster.

So don't slow down necessarily, just maybe don't avoid the warnings and don't believe that somehow you will remain safe as you steer your own ships through a see unfortunately filled with icebergs.

In today's 'Tip Tuesday' we're talking about firms being in a defensible vs an indefensible positions in the event they suffered a significant breach. A firm that has taken cyber security seriously and has done all it could and yet still ended up the victim of a breach, possibly at the hands of sophisticated and well resourced nation state level attacker, is in a far more defensible position than a firm that has not done all it could, or all that could reasonably be expected of a diligent firm. A firm that has been breached by an unsophisticated attacker or otherwise left itself open to attack will have a much harder time defending their actions to affected customers, shareholders, authorities and regulators. Talk to us today to see how we can help you ensure you will be in a more defensible position