Cyber Essentials Package
Prepare, Train, Defend: Your Shield Against Cyber Threats.
Cyber Essentials targets all three of the most common risks in SMEs
In a truly comprehensive cybersecurity framework, three essential components converge—namely, People, procedures, and technology. Individual employees serve as first defence, acting as both custodians and architects of cybersecurity - armed with the knowledge to detect, report and remediate cyber threats that may come into their inboxes. Equally pivotal are well-structured and efficient processes that oversee all security operations. These protocols meticulously oversee and execute every facet of cybersecurity, leaving no gaps for vulnerabilities to exploit. Lastly, technology assumes the role of an enabler, equipping the necessary tools and solutions to fortify digital landscapes.
Unfortunately in small businesses, there seems to be a “set and forget” mentality when it comes to cyber - often leaving it to the overworked IT support provider to provide the occasional maintenance of only the technology. This leaves small businesses incredibly vulnerable to attack, since 90% of all successful breaches come about because of user behaviour, NOT the technology, and the unpreparedness of these companies to handle a cyber attack.
The Cyber Guys Cyber Essentials Package is the answer to this problem that has been put in the “too hard” basket for small businesses
What is Cyber Essentials?
The Cyber Essentials Package encompasses an all-encompassing, in-person system evaluation influenced by the ACSC Essential 8 benchmarks. This is accompanied by monthly simulations of phishing scenarios, top-tier in person training and monthly modules for your staff, complemented by an interactive portal to show you where your weaknesses are, and what we are doing about it. You get a quarterly report to continually enhance cyber consciousness throughout your organisation.
Our partnership is forged for the long run, with the intent of aiding you in comprehending your company's vulnerabilities and taking tangible measures over the course of twelve months to forge a more secure future.
Why does Cyber Security Matter?
Your Reputation Depends on it
When a customer gives you their information - whether that is their email address, or credit card information, they are expressing a level of trust in your business to keep their information safe from public disclosure or abuse by unauthorised parties.
A data breach where this information was stolen or leaked would very quickly erode the trust and effort you have put into building these relationships. Data breaches have crippled big businesses, and small ones alike.
Could you afford to have your customers walk away?
Cyber Breaches are very expensive
As per the Australian Cyber Security Centre's findings in 2021, a solitary cyber breach incurred an average cost of more than $55,000 for Australian businesses. This financial impact doesn't even encompass the subsequent harm to your business's reputation and the loss of clientele resulting from the breach. In accordance with Australian law, if data is compromised, you are required to notify both the government and all stakeholders associated with your business.
Can you afford to have a data breach?
Your Intellectual Property could be sold
Other than customer data, or possibly company financial data, another major target of cyber attacks is proprietary business data, such as plans, code and other intellectual property, or strategy and communications, such as email, voicemail and shared documents.
If your business data becomes public, or is sold to competitors or a state entity, the profitability of your business could be severely harmed. Digital documents are the lifeblood of any businesses, and their disclosure is a business problem, not an IT problem.
Taking proactive action makes commercial sense!
What does the package include?
Cyber Essentials is a 12 month project combining an interactive portal, expert cyber security and process auditing and world class user training to cover the three pillars of of a secure network.
-
We commence by conducting a sequence of email and SMS phishing assessments. Additionally, we delve into the depths of the dark web to check whether any of your business data has been compromised. Concluding this phase, we perform comprehensive scans on your off-site systems to detect any potential vulnerabilities that might have been overlooked.
Our engagement extends to ongoing staff phishing simulations, at least once a month, throughout a 12-month period, accompanied by quarterly meetings to review and discuss your risk profile - depending on the level of service you request.
-
We meticulously examine each computer within your enterprise, seeking out outdated, overlooked, or concealed vulnerabilities that malicious actors exploit to illicitly infiltrate your systems. Our comprehensive audit surpasses the benchmarks set forth in the Essential 8 framework established by the Australian Government, and is a starting point to raise the technology standard to cyber best practice. We also audit your business processes and policies to ensure that data is being handled safely
-
Your workforce serves as the primary shield against cyber-attacks. In the absence of proper training for your personnel, even the most advanced security technology remains insufficient to thwart potential attackers. Our approach involves delivering a tailored training session for your employees. at your office. Complementing this, we will also assign monthly training modules to pinpoint individuals who might benefit from supplementary guidance.
-
Once we have finished our onsite training and audit, we will produce an extensive report and will have a meeting with your management team to discuss our findings, and a plan to action, in the least disruptive way, our recommendations over a 12-month period. We will also discuss how we continue to test your people risk over these 12 months and the process for providing additional assistance to the staff members who require the most support through our ongoing phishing simulations & module training.
We have a Cyber Essentials Package for everyone!
-
Cyber Essentials Starter
Cyber Guys Starter includes access to our Cyber Guys Portal with the risk dashboard to allow you to complete your own IT security audit, with our guidance in a quarterly meeting and email advice report.
This is a DIY service which we provide for free. Sign up here
-
Cyber Essentials Standard
Suitable for companies with 3-15 employees, this offering includes access to our portal where the risk dashboard is filled out for you, one phishing simulation a month for 12 months, quarterly SMS phishing schemes to company mobiles, and an Essential 8 audit to Level 1 compliance. We also look at any existing policies you have around information and risk, and make suggestions on improvements. It also includes a single remote user awareness training seminar catered to your industry and access to our 12 month module training program.
-
Cyber Essentials Pro
Cyber Essentials Pro is designed for larger SMEs with 15-50 employees and includes everything in the Lite package; plus:
An onsite Essential 8 audit to Level 2, eight SMS phishing campaigns over 12 months, company device malware checks, and penetration testing of your systems environment. We also conduct a more in depth examination of your information governance and risk management procedures and includes up to six hours of remediation labour per annum while the engagement agreement is in place.
-
Cyber Essentials Ultimate
For medium sized companies with up to 100 employees, we include everything in the Pro package, plus
We double the number of phishing simulations to 24 per annum, complete an Essential 8 audit to Level 3 and examine and write new policies (where necessary) in Risk Management, Cyber Breach Policies, Work From Home Procedures, IT Policy, Data Protection & Governance, Business Continuity and Disaster Recovery Planning; along with a monthly consultation call
Companies at this size should consider our Virtual Chief Information Security Officer service
Human Error Remains the leading causes of breaches
Your people are your biggest cyber threat, but they can also become your most robust defence.
Cyber Essentials focuses on people, as much as technology and processes
Human error continues to be one of the leading and most persistent causes of security breaches in Australian SMEs. Despite the advancements in technology and the implementation of sophisticated cybersecurity measures, the fallibility of human judgment and behavior remains a critical vulnerability that cybercriminals exploit in about 90% of breaches. This issue is particularly pronounced in small businesses, where limited resources and varying levels of cybersecurity awareness can exacerbate the risks associated with human error.
At Cyber Guys, we take a Wholistic Approach to SME IT Security
Business IT security isn't just a problem for your IT support provider, it is a responsibility of everyone in your organisation. We combine our enterprise-class systems auditing, with ongoing user training and practical data to assist making your small business more secure. We know that understanding your risk means you can reduce it - we work with you long term to ensure that we are addressing the human risk as much as the technology risk
The Leading Causes of Breaches in small businesses include:
Phishing Attacks and Social Engineering - Cybercriminals often capitalise on human psychology to manipulate individuals into revealing sensitive information or performing actions that compromise security.
Weak Passwords and Authentication - Weak passwords and poor authentication practices remain prevalent. Employees may reuse passwords, choose easily guessable ones, or share their credentials, creating opportunities for attackers to gain access
Misconfigured Systems - Errors in system configurations, network settings, or access controls can inadvertently create vulnerabilities that can be exploited.
Insufficient Employee Awareness - Inadequate cybersecurity training leaves employees ill-equipped to recognise and respond to potential threats. A lack of awareness about current cybersecurity risks and best practices can lead to breaches