Discussing Cyber Security with Recite Me CTO
Recite Me has recently become a certified member of Cyber Essentials Plus - a government-certified scheme that guards organisations against the most common cyber threats and demonstrates our commitment to cyber security.
We caught up with Rob, Recite Me’s Chief Technical Officer, to delve deeper into the world of cyber security and what we do to ensure our SaaS product is secure.
What do we mean by cybersecurity and what is the risk?
Cybersecurity is a term used to encapsulate all necessary security actions, precautions, and considerations we should make as digital companies to be aware of the digital threats which face us and mitigate those threats as best we can. It covers not only physical assets such as servers and laptop computers but also our cloud environments, transfer of information and much more.
In the same way as you would not go on holiday and leave your front door open, in the world of digital information we must take precautions to not leave our digital front door open. Failing to do this could allow attackers to utilise a vulnerability such as a misconfigured application, an open port, or some unprotected files to steal sensitive information.
The risk of not taking cybersecurity seriously could be that your company's (or worse still, your clients') personal/sensitive information is stolen. Ransomware attacks are becoming increasingly common in today's digital society. These attacks can result in large sums of money being requested to restore files that a hacker may have encrypted and thus rendered unusable.
This may all sound very scary, but whilst it must be taken seriously there are a lot of common-sense approaches you can take to keep yourself protected such as keeping applications up to date, checking that your firewall is configured correctly, ensuring you have solid backups in place and that your anti-virus software is up to date, etc.
Should all tech companies have a cybersecurity strategy?
Absolutely, it's imperative that all companies, both big and small, have a cybersecurity strategy so that they can both understand the risks but also mitigate and/or plan for them. This strategy should be reviewed regularly so that it remains current as you never know when you may need to rely on it.
What does Recite Me do to make sure their SaaS product is secure?
At Recite Me we do several things to ensure that we're confident in our approach to cybersecurity. Our actions begin as low level as our development process and span through to regularly scheduled penetration tests and around-the-clock proactive monitoring. We take both our LAN environment into account with cybersecurity as well as our online (WAN) architecture and systems. We have recently undergone a Cyber Essentials Plus audit and we're happy to report that we passed with no issues, first time.
Aside from the actions taken locally in our dev environment through to the server architecture that we use, we also apply a common-sense due diligence approach to onboarding 3rd party vendors. This is to satisfy ourselves that their security posture is aligned with ours and that we can trust them to perform their actions securely on our behalf.
Does cybersecurity include people’s data, and what’s the best way to make sure this information is secure?
Protection of data is one of the key goals of a solid cybersecurity strategy. As you can imagine, the protection of personal data, whether this be your own or that of your business and/or your clients, is extremely important. Additionally, since the introduction of the GDPR in 2018 the legal obligations of all applicable organisations, whether they be a data processor or a data controller, have been tightened. Failing to meet the requirements of the GDPR (which is aimed at keeping sensitive data private and protected) could result in business-impacting fines.
The best way to make sure this information is secure is to design and follow a good cybersecurity strategy across your entire organisation.