Our Trusted Partners are an integral part of the ECRC, being able to accredit cyber essentials. But here is a little more information about the people behind the partner.
Tell me who you are and what you do within Starswift Information Security?
Rob Lancaster, director of StarSwift Information Security. I run a small Information Security Consultancy. We are also a Cyber Essentials Certification Body.
How did you get into cyber resilience?
I moved into Cyber Security a number of years ago following a transition from a variety of Information Technology and Service Management roles.
What’s the best thing about working at Starswift?
Being a small company I have more flexibility in terms of the type of work and clients I work with. The flexibility and diversity of engagements is definitely a highlight.
What size companies do you work with?
I prefer working with small to medium sized companies. Generally those with smaller budgets for both IT and Cyber Security. There’s still much that can be achieved with smaller budgets and resource levels!
What do you see small/medium companies struggling with in terms of cyber resilience?
I see many smaller companies struggling to look beyond the standard technical controls such as endpoint protection with less focus on administrative and physical controls that also contribute to overall cyber security hygiene and good practice. There is much that can be achieved at little or no cost that can improve security posture. It’s just knowing what can be done and how to implement it.
Why should companies get Cyber Essentials accreditation?
Cyber Essentials is an excellent starting point. Many companies are already in a position where they could certify for Cyber Essentials. In other cases, the Cyber Essentials self-assessment can be a good guide to where remediation or improvements can be made that could lead to Cyber Essentials certification at a later date.
What three tips would you give a company with little knowledge of cyber resilience?
Firstly, assess where you are now and where there might be some gaps. From there, determine where you want to be and where improvements can be made. Plan to implement those improvements and in what timeframe. Finally, make use of some free and readily available resources such as the National Cyber Security Centre “Information For…”, “Advice and Guidance” and “10 Steps to Cyber Security” publications. SANS (sans.org) also has some very good free resources to assist companies.
Do you order starters or desserts?
I definitely have a sweet tooth but I’d probably go with Starters!
Suppose you have been given an elephant and you can’t give it away or sell it. What would you do with it?
Assuming it’s not living in the house with myself, the wife and the dogs… I’d establish an elephant enclosure (somewhere), and try to use the Elephant to promote animal welfare and raise money for charity. * This clearly needs more thought and planning … but that’s the first thoughts on the matter.