
The Essential Operational Resilience Guide
For the Proactive CEO

This world is changing every millisecond, and with this come new ways
of being exposed to unknown risks. Trying to keep up with what you
need to know as a business owner in all aspects of your business,
taxes, laws, and staff needs can be overwhelming. On top of this,
cyber security is sometimes a new language, mainly foreign to most.
A lot of CEOs may not know where to start when trying to understand
how to manage their cybersecurity risk and treat it as a business and
not a technology risk.

I’ve created this short guide as a way of knowledge sharing for
the proactive CEO.

Technology these days is the backbone of your business, which means
that cybersecurity is NOT just something for your IT team to worry about.

Just as your brand and business financials are not just something for
your marketing team and financial director.

Cybersecurity is the core basis for safeguarding operational resilience
within your business.

And as CEO and chief steward of the ship, it is your business to know.

At the end of the day, when things go terribly wrong - how will you
ensure that business can continue to operate? How will you ensure
that you don’t land your business into a legal or liability hotspot in the
unfortunate situation of a breach?
What would happen to your business
if all systems were suddenly shut down,
or your client data stolen?

Hi, it’s Naveen here.

I’ve been a cybersecurity expert, speaker and
practitioner for well over 24 years, helping large
international companies all the way through to
small and medium sized businesses to protect
themselves against large hacks.

I believe in a level playing field where you don’t need to have big
budgets or spend millions to get access to good cyber protection
for your business - where often the small and medium businesses
are the most exposed.

Most businesses don’t think they are big or “significant enough” to
be targeted. But the reality is that a lack of proper operational resilience
and back-up channels is a serious problem in a time of
heightened risk today. The cost of things going wrong is
potentially catastrophic with your job, reputation, and entire
business on the line. And all it takes is putting some basic
elements in place to prevent potential breaches.

Don’t stay oblivious - if you’re wondering what is the value
of the information held by your business today, and risk
exposure, keep on reading!

Regards,
Naveen Vasudeva
10 Operational Resilience Tips
For the Proactive CEO

Business Strategy vs Cybersecurity Strategy
Protect your supply chain
Technology Business Acknowledgement
Get educated on the right vendors
Recognise security as a business risk
Empower security pro to protect you.
Stop comparing business risks to others
Shop Around
Take action, be intelligence-led
Don’t surrender to fear

What is your Business Strategy vs Your Cybersecurity Strategy

I was working with a small bunch of engineers a few years ago,
a team of 5-6 people, developing some amazing technology in
line with an arm of the government. They had failed to understand
the value of the IP that they were developing, and eventually
(and unfortunately) lost it in an attack.

Even worse, they were unaware the attack had taken place and
their IP had been stolen. It was not until months later they came
across their designs on the internet under development by another
nation state, and in production! Their lifelong ideas and hard work,
gone in just 60 seconds!

Many CEOs and business leaders make the mistake of relegating
cybersecurity to the domain of IT.

The truth is, though, that if your cybersecurity strategy is not aligned
with your business strategy and objectives, you are already at a
heightened risk of cyber attacks that will end up materialising into
financial and reputational loss.

This means it needs to map effectively to your core business,
so that you have the ability to effectively know and manage the
level of risk exposure you have to your core business processes.

Tip:
Align your cybersecurity strategy with your business
strategy and goals by understanding:
a) what it is you are wanting to protect,
b) what value your business information holds, and
c) what impact there would be if that information was
lost, leaked, unavailable or corrupted.

Protect your supply chain

The National Cyber Security Centre has stated this as an on-going
risk for a number of years, always in their top 10!

Being part of a supply chain is important to small businesses.
It is vital that you take the necessary steps to ensure that you have
good security hygiene in place to protect your business but also to
ensure other parts of that supply chain do not impact your business.
Have a good understanding of how your business needs to interact
technically, what critical information you are exchanging and how.

The majority of successful cyber attacks in recent years is a result of
the supply chain being compromised, be that Oil and Gas, Banking,
or even public services like the National Health Service - it doesn't
matter how big you are or how deep your pockets are - you need to
get the basics right.

Tip:
Make sure you are not the problem as part of the supply
chain by ensuring your own effective cybersecurity hygiene.
Cyber Essentials or Cyber Essentials Plus will not be sufficient
in most cases.

Acknowledge that you are a technology business

Accept the fact that no matter how you view what your business
does, you are a technology business if you want to operate in the
21st century, which means you need to think like you are actually in
the 21st century. Don’t rely on your old ways of thinking,
“this will never happen to me” or “why would someone target my business?”
The answer is in the question - your thinking is outdated.
Technology drives everything, even if you are a one-man band or
FinTech - your IP is what drives your business.

Tip:
Technology runs everything. Have that at the forefront
of your mind when setting out your technology and
cyber security objectives to protect your business.

Managing risks starts with getting educated on the right vendors

Vendors and suppliers of cybersecurity tools and technology are
vital to the ecosystem, there is no debating this, but not all of them
will service your needs. Larger technology companies may not support
or cater for small or medium sized businesses, and if they did,
you would be paying for a Porsche when you can make do with a Ford.
Brand names don’t give you good security all the time. Shop around,
and be educated as to what is on the market that can help you protect
your data and manage your risk.

Tip:
Bigger is not always better and brands vs no brands can
achieve the same objective so don't be a technology snob!

Recognise security as a business risk

Don’t think that security is an IT problem. It is a business risk, full stop.
CEOs can delegate responsibility for sure, but they must be
intelligence led and informed.
The buck has to stop with you. I have seen multiple businesses fail as
a result of a lack of CEO engagement and understanding. Well, if you
want to be on TV and respond to an incident like Dido Harding
- feel free!

Tip:
Security is a business risk. If you treat it as a technology risk
alone, you will never have a real insight into your cybersecurity
risk and threat landscape.

When you do find the right security professional, know how to empower them
to protect you!

There is no point hiring security professionals or firms to help you
protect your business if you don’t then take their guidance and advice.
Reporting lines and job titles do not matter, delegated authority does.
Empower that person to act on your behalf, otherwise don't waste
your money, keep it for your legal costs when you get breached!
This is not meant as a scare tactic, it is fact: you will be or have been
breached. There is no such thing as 100% security.

Tip:
Good cybersecurity advice should not break the bank. Yes,
it's a specialist skill and in some cases can come with a
heavy price tag, so be clear on what you want to invest and
work with people that can achieve that.

Stop comparing your business risks to others or your cybersecurity posture
to a similar sized company!

Yes, there is value in benchmarking but everyone is different.
You will never get an apple-to-apple or orange-to-orange comparison
- yes, there will be similarities, but you cannot determine that the way in
which you execute your business processes and technology is similar
to someone else's. Never make that assumption. Do what is right for
you as a business.

Tip:
Always hold up the mirror to yourself before you
compare your business to anyone else.

Shop Around

Don’t accept the first bit of technical security advice you are given,
shop around. If you have hired an expert, then LISTEN. If cost is your
main driver, just remember, in most cases you will always get what
you pay for. Never assume you are getting more, that is a myth!
Security is based on contracts, not goodwill.

Tip:
There are over 9000 cybersecurity suppliers in the UK alone,
let alone the world, so there is no shortage of technology that can help.
Be smart, do YouTube research and challenge your advisers.
It is the best way to learn.

Don’t be the last to take action, be intelligence-led

By that I mean educate yourself, be aware. At the end of the day it's
your business, you can't blame others or make the assumption it's
being done. CHECK! Without being lame, you know what you know
and you don’t know what you don’t know - however, without being
informed correctly you will end up taking the wrong action - point in
case with where this phrase came from.

Tip:
Being intelligence led in business may sound simple but in
most cases it's not. Having the ability to see what is coming
is important. We forecast in business all the time, and the same
applies to security. The world moves at such a pace, be
on that train, rather than watching it go past you.

Don’t surrender to fear!!!

Yes, for a long time anything cybersecurity related has come with
a lot of doom and gloom. Whatever the issue is, it has to be relatable
to your business. How will that impact you and do you have the right
processes, procedures and utilities in place to defend against it, with
the right outcome for you? Fear does not work. It may be reactionary
and there is potentially some legitimacy in a technical call to action,
but measure it.

Tip:
If anyone is attempting to sell you something based on fear,
sack them! There is no room for it, let it be based on fact
and impact to your business so you can make informed
and intelligence-led decisions.

In business, it is often the little things
that matter to us.

The acts one can implement today at low cost and build upon,
like policies, processes and internal procedures and assess
technically what will pay off in the long term.

When you buy a new phone, you can purchase insurance if
anything happens to it. But more often than not, you will also
get a case and screen protector to protect your phone from
accidental damage caused by you and your everyday use.

Well, protecting your business from cyberattacks is similar.
You need to plan for the (unfortunately) inevitable, but you
can also use simple tactics to protect your business daily.

It is also important to stress - cyber insurance is not the
answer for a small business, and now these companies are
also removing a large scale of attack vectors which you
cannot claim for. The money you will spend on a premium,
you are better off talking to me! :)

Not all technology is good for you

Empowering you as the CEO / Business owner with the knowledge to
make the right choice when it comes to protecting your business is vital.

For me, leadership is about decoding this ever-changing and challenging
environment so that you and I can converse about it.

It ensures that it is not just those in the know who will be protected, but
the average person walking down the street has peace of mind also.
With more and more small businesses on the rise, I want them to
have a good fighting chance to stay in business and not be crumbled
by a cyber attack they didn’t see coming.

Our advisory breaks things down into simple language to empower you
to make an informed decision on which risks need to be prioritised
and can be mitigated. Then supports you with implementing the
essentials to ensure those risks are addressed….

Without spending ridiculous amounts of money or
impossible implementation.

This guide is just the beginning

If you know that cybersecurity is something you need to address,
but you want it painlessly, book in a chat and let’s talk.

BOOK A CALL NOW

Naveen