'Data Breaches are a State of Mind' Blog by IS Know How

7 minutes reading time (1338 words)

Why Should Charities Choose a Managed Cyber Security Provider?

A Brief History TrIp

So, you have likely heard about Cyber Security and you have heard of the term Managed Cyber Security, right? Oh, OK maybe you haven't heard or unlikely know much at all about the latter. Well, it's hard to get away from the headlines but this doesn't help the majority of society to know enough, so they can better mitigate against the many negative aspects to a data breach.

Let IS Know How take you on a very brief history trip, then detail a small introduction for you. Hopefully, it will then help to inform you, both of where it emerged from, what it is, why it can be truly beneficial to your Third Sector Organisation today and why your organisation should give it serious consideration at the very minimum.

Back in Spring 1997, in the US, US West, Inc. and more specifically their subsidiary 'Interact ISP' began a foray into the Firewall Management marketplace. Additionally, around the same time, 'BellSouth Corp.' began working with 'IBM', to increase it's ISP coverage and security through it's own subsidiary, 'BellSouth.net, Inc.'

In the case of !nteract ISP, they offered "Custom Security Policies to customers, that included Firewalling [sic] and Encryption", with one big benefit, "Customers need not buy new gear"

[1] RBOC or ISP, Tim Greene, NetworkWorld Magazine - March 17th, 1997.

​Since that time and now essentially 20 years on, an awful lot has changed both with the Internet as a whole, how it it used by both Domestic End-Users and in the Business World but also, with the constantly evolving proliferation of the threats and risks, that in 2017 doesn't show any signs of abating. 

Managed Security availability for SME's is a relatively new concept and of course, it will likely look incredibly different by 2037.

However, SMEs are increasingly seeing the multiple benefits of outsourcing their Cyber Security strategy to a Managed Security Services Provider, (MSSP) where this is due to a number of important factors. The main overriding one being, that the specialised, complex and highly dynamic shifting nature of Information Security, coupled with the required expansion in the number of Regulatory / Legal requirements (We will broach this subject in our next blog) that are now placed on almost all businesses, is definitely a key consideration, or at the very least should be. 

Businesses and this undoubtedly includes Third Sector Organisations that IS Know How is specifically tailored for, such as; Charity, Social Enterprise and Not-for-Profits, where they really need to re-program their previous way of thinking. The need to be able to mitigate the various kinds of data that your organisation creates, maintains and archives more than ever; needs to meet a much higher level of what's termed Confidentiality, Integrity and Availability (CIA) of Personally Identifiable Information (PII) including Financial, Health and Employee data to name just a few, that is held or transferred via digital networks and even still stored in traditional filing cabinets.

We must not forget, that even the older paper filing and storage can and still does contain a wealth of PII within many organisations and this is an additional requirement to secure to the best of your ability and resources, where we will write a future Blog surrounding 'Social Engineering' which is likely to open your eyes too.

One huge hindrance to many SME's the world over, compared to larger organisations and corporations, is that the latter of course are much more able to consider or actually employ an IT specialist (Covering various disciplines) and even have several within a dedicated department. This is often, not a luxury that smaller organisations can afford in the traditional sense or type of structure within, both from a cost standpoint, which importantly includes time, of which we know almost always incurs a financial cost too = Enter Managed Services front and centre.

IS Know How appreciate how difficult it is for Third Sector Project Directors, Boards of Trustees, Management of and especially the army of Volunteers, where incidentally there were;

"14.2 million people formally volunteered at least once a month in 2014/15"

by UK Civil Society Almanac 2016 / Volunteering Rates and Overview
Security Operations Centre (SOC)

With the above in mind, we certainly understand that after all, this is often not any of the above listed stakeholders forte at all and that there is an element of forgiving for this. However, that is where it must stop, as collectively, we all have a duty to do much more and we are already required to do so: Data Protection Act, that is soon to be replaced by the EU General Data Protection Regulation (GDPR).

Managed Cyber Security Services are now becoming a little more commonplace, demand is rising what with an increase in knowledge, understanding and the threat of both risks to your stakeholders data but also the aforementioned regulatory risks.



So, How Does Outsourcing your Information Security to a Managed Services Provider help your organisation? 

  • Cost-Effectiveness, especially if like IS Know How, it is a Monthly Subscription based 'as-a-service' platform.
  • Predictable & Manageable Costing, whilst being able to outsource and gain the knowledge, expertise and skills whilst knowing how much it costs per month is key.
  • 24x7x365 'Security Operation Centre - SOC' coverage without the huge cost burden, as if this was done in-house by your organisation, which it would unlikely ever be cost effective in reality, for Third Sector Organisations especially.
  • Managed Access to of a Plethora of Tools for Information, Data & Cyber Security Threat & Risk Mitigation, utilised by experts who live and breath this industry and subject matter.
  • Proactive vs. Reactive, rather than the latter approach of reacting to a problem after the fact, outsourcing your information security allows your Third Sector organisation, to employ a proactive one in mitigating much more of the many risks and threats, than going it alone.
  • Reporting & Analytics, enabling your organisation and it's decision makers, to always be kept up to date on the smooth running of the outsourced requirement.
  • Ability to Focus, largely on your organisations core Charitable, Social or Not-for-Profit activities, whilst meeting your various regulatory and stakeholder obligations regarding Data Security and Personally Identifiable Information. 
  • Better Utilisation and Deployment of your organisations personnel and finances. Why overstretch yourselves and panic, if there's no need to.
  • Finally, a Huge Decrease in your Reputational Risk, compared to ignoring the risks abound today and tomorrow.


Summary Thoughts:

Whilst the above points are only scratching the proverbial surface, IS Know How believe in not over burdening the sector with too much, too soon information and technicalities wise, this will be a long and joint collective journey. A journey that is only just beginning but as believers in your various Charitable, Social or Not-for-Profit mission and aims, ISKH are proudly positioning ourselves as custodians of your current and future Information & Data Security needs.

The question remains though; can you hand on heart, state that your Third Sector Organisation can architect, design, develop, implement and maintain all of the above and more, plus financially be able to afford doing so? We believe that for the most part, the answer would be a resounding no.

Managed Cyber Security Services really are your future, for helping to alleviate and mitigate the many risks and threats, that your data lives surrounded by - Therefore, consider IS Know How's Managed Cyber Resilience Services.

*Foot Note* There is no such thing as "Full Protection"​ when it comes down to Cyber / Data Security and everything within this sphere. This is why you will never see IS Know How proclaim "Protection", our first love is of course "Mitigation", where that is much more representative at this moment in time and for the foreseeable future.


2
A Warm Welcome to IS Know How - Cyber Security for...