Bergerode Consulting is an IASME-accredited Cyber Essentials and Cyber Essentials Plus certification body. The Cyber Resilience Centre is incredibly proud to work with Bergerode Consulting through our Cyber Essentials Partners group.
Based in Lancashire, Bergerode Consulting is a Cyber Security consultancy formed by Dr. Kevin Crichton (who studied for Lancaster University's Cyber Security MSc in 2010). They aim to help organisations and businesses of any size to become more resilient by strengthening their cybersecurity defences.
The company offer a wide range of services not only encompassing Cyber Essentials, Cyber Essentials Plus, and IASME Governance, but also offer more bespoke services such as ISO 27001 Information Security Implementation and Auditing, ISO 22301 Business Continuity Implementation, Cyber Health Checks, Penetration Testing, Vulnerability Management, virtual Chief Information Security Officer (CISO) services, and Risk Management.
💡Cyber Essentials Tip: Taking Cyber Essentials will help secure your finances. Many small businesses have been hacked and lost thousands of pounds to cybercriminals and often been placed in a precarious financial position because of this. Cyber Essentials also comes with free Cyber Indemnity Insurance worth £25,000.
They have experience working in multiple sectors with clients across the UK, Europe, and North America, ranging from multinationals to local charities. They are active in many areas, including engineering, defence and aerospace, the NHS, healthcare, and many more.
Lockdown and COVID have changed the way that Cyber Security Specialists are working, with the increased use of remote meetings. Almost all meetings are done remotely now at Bergerode, save for when they are onsite carrying out work that can't be done remotely. ‘The amount of technical work that can be done remotely has largely stayed the same, largely due to the technical nature of the client's infrastructure. The decline in travelling time has allowed us to have greater flexibility in responding to clients' requests.’
Bergerode Consulting were motivated to join the NWCRC’s Cyber Essentials Partner group 'We feel that the CRC has a great deal of potential to help SMEs and other organisations, such as charities, to engage with cybersecurity in a positive manner. Cybercriminals often consider SMEs soft targets because they aren’t considered prosperous enough to invest in cyber defences. SMEs are also less likely to report attacks or engage with the Police or cybersecurity companies after any attack. The CRC has a great opportunity to act as an impartial body helping SMEs, putting them in touch with cybersecurity SMEs who can provide a solution they need - SMEs desperately need assistance and guidance that’s relevant to them and their situation.’
What should a small business prioritise when it comes to Cyber Security?
Bergerode Consulting recommends that a business be aware of its threats. Once a business understands what it faces, it can then make informed choices about what to do.
Businesses should look to providing the security awareness training their staff needs to deal with such threats (like phishing) and also what security products they may need to purchase.
A business that is informed about threats has a much better chance of meeting and overcoming these threats, should they occur, than a business that isn’t. Businesses that don’t prepare for the latest cyber threats may survive, but they will end up in a much worse situation than before the threat occurred.
What is the biggest myth in Cyber Security?
We asked Bergerode Consulting; What the biggest myth they've heard about Cyber Security is?
‘Businesses must buy expensive hardware or software solutions to implement effective cybersecurity. They don’t. Effective cybersecurity, in my view, is, first and foremost, a set of positive behaviours which put cybersecurity on a solid footing. Just now, knowing what threats your business faces determines what choices you make about meeting these threats.'
Kevin continues, ‘If a business faces a malware risk from staff using personal USBs in company workstations, some security companies will try to sell software to that business which controls the use of USBs, but such software can be expensive, and it will certainly not address the reason why staff are using USBs, to begin with. Rather than buy such software, companies should seek to address why staff are using personal USBs and take ownership of the issue by updating the staff handbook to make use of personal USBs not permissible and also look to using existing software, e.g. Active Directory, to manage the use of USBs. This is more likely to address the root cause of the issue and deal with any risks than just buying a solution and being locked into an expensive support contract.'
“The CRC has a great opportunity to act as an impartial body helping SMEs putting them in touch with cybersecurity SMEs who can provide a solution they need - SMEs desperately need assistance and guidance that’s relevant to them and their situation.” - Kevin Crichton, CEO at Bergerode Consulting
