A Trusted Partner
My clients tell me how difficult they find it to recruit a "full time" employee with all of the required skillsets and experience that they need in their organisations to protect them from the cyber risk. This is an issue that is becoming more widespread as companies wake up to the growing security threat.
There are plenty of consultants out there who can do "Information Security" - but they know little about digital investigations or the law surrounding surveillance and monitoring of staff. Likewise, there are plenty of forensic computer examiners who are "experts" in their field - but they know nothing about data protection or business continuity.
I'm different and the way I work is different; that's why I become such a trusted and valuable member of the team with my clients.
The support I give is special and unique. I have the necessary expertise and experience to fill "that gap" and to fully support my clients' needs.
I have developed these skills and built on this experience since 2005, in government, in law enforcement and in private practice. The advice I give is sound, lawful and practical, and it's focused on delivering business success.
There is no point in investing in your cyber security and protecting your data if your server gets flooded, your supply chain collapses or because of a civil emergency your staff can't travel or get into the office.
Failing to plan ahead will mean that your business is not equipped or resilient enough to cope with business disruption, natural disaster and civil disobedience.
A failure to plan, and to test this plan, can result in a loss of customers, reputational damage, financial loss and even bankruptcy.
I will develop your Business Continuity Management System (BCMS), review your existing plans, make sure that they are up to date and suggest improvements. Importantly, I can also help you test the plans to make sure that they work.
As a Business Continuity Professional I help my clients to avoid disaster by planning for disruption. The Business Continuity Management System and Plans developed for your specific needs are compliant with ISO 22301, the international standard for Business Continuity Planning.
General Data Protection Regulations (GDPR)
The General Data Protection Regulations (GDPR) replace the UK Data Protection Act (DPA) in May 2018 and will become law across the UK.
It will make no difference whether we are in or out of the European Union (EU). If you deal with or handle European citizen data you must comply with the regulation. Both the UK government and the Information Commissioner's Office (ICO) have said that we will fully comply with the legislation.
The fines for a data breach will be huge, and could be as much as 4% of the global annual turnover of your organisation or 20,000,000 EUR, whichever is the greater.
There are many other provisions and requirements that will require time and expertise to ensure compliance. I am helping all of my clients to meet the requirements of the new law.
Information Security & Data Protection
I help prevent organisations from leaking data and from suffering the subsequent sanctions in terms of regulatory and civil penalties and fines, or criminal prosecution. A breach will also result in the inevitable loss of customers and damage to your business reputation.
If the worst has already happened, I will help to mitigate the effects after a breach, by building the systems and writing the policies to stop it happening again.
I work closely with my clients to ensure that they have an Information Security Management System (ISMS) that is up to date and fit for purpose.
An ISMS is a systematic approach to managing confidential or sensitive corporate and client information so that it remains secure (i.e. available, confidential and with its integrity intact).
The ISMS that I design and help implement is tailored to your business and is compliant with ISO 27001, the international standard for information security.
Cyber Security Awareness / Training
Employees are your biggest asset but they are also your biggest risk. One of the biggest misconceptions in business is that the cyber risk is an "IT" risk. It isn't - it's a business risk!
You can spend huge amounts of money on having new firewalls and technical measures put in place, but that won't stop an employee from clicking on that "phishing" link, plugging in an infected USB device or falling for a social engineering attack.
The only way to defend against these threats is through education and awareness training.
I deliver security awareness sessions and workshops to all of my clients' employees, to directors, police officers and students at top table events and organisational training days, and have successfully raised their awareness of cyber threats and risk in the workplace, and also on social media.
I have over 17 years' experience in the Metropolitan Police Service at New Scotland Yard as a Qualified Investigator and Detective. 8 years of that time was spent investigating serious internal investigations, dealing with:
I advise and support my clients with their own internal workplace investigations, providing them with much needed expertise and investigative support.
I am also a member of the highly regarded Council of International Investigators (CII).