Friday, 13 December 2019

Cyber Crime – who can be affected and how

There are many misconceptions about who can become a victim and how they can be affected in the event of a cyber attack.

The most widely accepted misconception is that a small business is not worth the effort for a hacker to target, which often leads small business owners to bypass cyber security practices. As a result, nearly half (47%) of small businesses suffered a cyber breach or attack during 2018, as there are, quite literally, no barriers for cyber criminals to break.

All businesses use various hardware and software to support them and they all have to manage their clients and financial transactions. This makes them all prone to cyber security breaches, leaving their customer data, including credit card details, at risk.

Most people believe that with a good IT department and suitable anti-virus software, your devices are safe. An IT department cannot possibly oversee all employee behaviour, which is why staff need to be trained to stay away from unsecured networks, suspicious emails and compromised websites. A total of 36% of breaches in 2018 were caused by authorised user errors or misuse.

Apple devices are not completely safe. Although these devices are more resistant to viruses, cyber criminals have learned a thing or two in the past few years about getting around Mac and Linux security systems. The same goes for anti-virus software. Nothing is completely safe from a determined cyber criminal.

It is not just laptops and PCs that are prone to a data breach but also phones and tablets, including personal ones. It only takes one weak device connected to your network to bring the whole system down, if targeted. And that doesn’t mean you will even be aware of the attack, as the majority of hackers prefer to stay unnoticed for a long time.

Most people believe data is safe in the Cloud but this structure is exposed to cybercrime the same way your devices are. These providers usually have high cyber security standards in place. However, if the likes of Adobe and British Airways cannot withstand an attack, neither can the said providers.

Considering all of the above, complying with the GDPR might become a considerable challenge, as a data breach of any kind can raise even bigger regulatory issues. Adhering to the rules of the GDPR means having sufficient security in place, as well as being thoroughly prepared to respond to a breach.

You should always keep software up to date, as your providers will be adding and refining their security measures with every update.

You can mitigate your risk by taking out cyber insurance and Digital Risks are one of the many providers out there who can help.

The full blog was published this week by Ben Rose.

Chapter Three Consulting provide a low cost, easy access Data Protection Staff Awareness e-Learning Course to ensure that you can evidence that your staff have been trained. 

Call 0330 004 0020 or email for more information.

Thursday, 19 September 2019

The Onboarding Revolution

Improve the way you sign up and check new clients

Any business that collects personal data in the form of documentation (passport, driver's licence, proof of address etc.) is responsible for ensuring that it is kept safe and secure in accordance with data protection legislation.

Imagine a portal where documents can be uploaded directly into a secure Cloud storage location.

We provide a cost effective solution where documents can be transferred securely, kept for as long as necessary and deleted as appropriate.

Improve the way you sign up and validate new clients:
  • Automate your engagement letter
  • Enable clients to sign forms and contracts online with e-signatures
  • Facilitate the secure transfer of documents required for identification
  • Get instant ID checks and verification

Initial information to create an account and document upload can be managed internally or externally by the customer themselves.

Keep track and monitor your clients in one central location, helping you to stay compliant with data protection laws.

Ideal for companies who need to retain proof of ID:
  • Accountants
  • Solicitors
  • Estate agents
  • HR records
  • Recruitment agencies
  • Test & Examination centres
  • Universities & Colleges
  • Restaurants
  • Vehicle hire
  • Tool hire

Contact us on or give us a ring on 0330 004 0020 to find out more.

Thursday, 5 September 2019

Mitigating Supply Chain Risks

An interesting article published this week on the UKFast Blog discusses how supply-chain risk is fast becoming a prominent theme in cyber security.

A chain is only as strong as its weakest link and this applies even more so when networked IT systems and shared data are involved.

Breaches resulting from third-party security lapses are on the rise. Last year, 59% of organisations said one of their vendors or partners had caused a breach. Almost 75% said they believed such incidents were likely to happen again.

In June, police forces across the UK were forced to cease all work with the country’s largest private forensics provider, after a ransomware attack destroyed or locked essential case data held on the company’s systems.

Police across the country have suspended all work with the company as a result, which is believed to account for more than half of all of their outsourced casework.

Privacy protection has become a significant focus for regulators and businesses are now being held to account for the actions of suppliers.

Customers will abandon a brand after a significant breach. Consumers now judge a company on how reliably they protect personal data.

It doesn’t matter if the breach happens on a supplier’s systems. The brand that contracts the supplier and gives it access to customer data is accountable.

Every contractor and subcontractor working with customer or proprietary data needs to take ownership of cyber security, and protect the sensitive information it stores, receives, or transmits.

It is not a matter of IF a system will be breached – it is now a matter of WHEN.

Edward Whittingham sets out the following vital steps for identifying vulnerabilities:
  • Auditing your existing supply chain
  • Create minimum cyber-risk standards
  • Don’t forget the supplier’s suppliers
  • Audit, measure, repeat
  • Create a culture of cyber-risk awareness across your supply chain

For a review of your supply chain contact Chapter Three Consulting on or call us on 0330 004 0020 to find out how we can help you.

Monday, 12 August 2019

Legal Training Requirements for all Business Owners

Did you know that all companies are responsible under the Health and Safety at Work Act 1974 for providing health and safety training and information to employees to ensure they are not injured or made ill by the work they do?

Did you also know the introduction of the General Data Protection Regulation (GDPR) and the new Data Protection Act in May 2018 requires companies to record and monitor data protection training for employees and that this is a vital aspect of evidencing that a company is complying with data protection law in the UK?

Do you have evidence that your employees have been trained?

Chapter Three provide an easy, cost-effective solution to ensure your business can demonstrate compliance with these employment obligations.

Workplace Safety Course Structure

  • The course contains 6 Units covering:
    • Fire Prevention & Control
    • Slips, Trips & Falls
    • First Aid at Work
    • Manual Handling
    • Working Safely with Display Screen Equipment
    • Steps to Conduct a Basic Risk Assessment

Data Protection Course Structure

Everyone needs to understand the care they need to take when handling personal data.

  • The course contains 8 Units covering:
    • An overview of the GDPR
    • Information and Cyber security
    • Data access, handling and records management
    • The risks of mobile working
    • Employee responsibilities under the GDPR
    • Incident management and disaster recovery

Both courses provide comprehensive assessments to test a student’s knowledge and certificates of completion are issued to prove that legal training requirements have been met.

Access is only £12.50 for 12 months with a special offer of £20 for both courses per employee.

Contact us on or call on 0330 004 0020 to find out more.

Tuesday, 9 July 2019

Premises Licensing – Things you should know

Over the next few weeks, we will be providing a series of articles aimed at people who are either setting up or expanding businesses in the licensing or leisure sector.

We have often found that business owners have not been aware of the points we will be discussing. This leads to them wasting time and money trying to retrospectively deal with issues that they should have been aware of at the start of the process.

We will be providing posts from our in-house experts and partner companies who are specialists in these sectors.

The Premises Licence

If you are starting a new business, where the premises has or requires a Premises Licence to sell alcohol during the day or night and/or provide hot food and hot drinks after 11pm, it is worth considering the Premises Licence at the same time as negotiating the lease or purchase of the property.

Businesses often concentrate on the lease or mortgage on the property but leave the licence until later.

Chapter Three Consulting can take the stress out of the licensing aspects; however, here are some pointers:

Ask for a copy of the latest planning permission document from the local Council - this should be available as part of the property documentation - check to see if there are restrictions on the use of the site, particularly opening hours.

Check to see if there is a Premises Licence already active at the site.

If there is a Licence,
  • Ask for a copy of it
  • Check that the yearly fee has been paid
  • It can be transferred to your company (or you personally) - this should be part of the negotiations
  • Check that the company or person that holds the licence is still financially solvent - if it is wound up, there is a limited time in which the licence can be rescued

If there is no licence,
  • Planning permission may affect how and when the site can be used for commercial activity
  • Nearby residents and businesses can raise objections to a new Licence application
  • Some Councils have more restrictive policies in Town and City Centre areas

We would be very happy to deal with the licensing aspects of any acquisition to allow you to concentrate on your business.

Contact C3C today on 0330 004 0020 or to find out how we can help you.

Tuesday, 23 April 2019

It is very difficult to prove GDPR compliance but ISO 27001:2013 can set you apart from the rest

There is currently no certification body for the GDPR. Although you may be able to demonstrate that you have implemented the policies and procedures required by the GDPR and the DPA of 2018, the implementation of an effective Information Security Management System (ISMS) provides reassurance to customers, clients and suppliers alike.

ISO 27001 is a framework of policies and procedures that includes all of the legal, physical and technical controls used in a company's information risk management processes. It is one of the family of standards providing world-class specifications for products, services and systems to ensure quality, safety and efficiency.

ISO is the International Organisation for Standardisation and UKAS is the sole national accreditation body for the United Kingdom.

The way we use data has changed significantly over the last 20 years, specifically in relation to the way data is acquired and dealt with.

Whilst cyber-attacks resulting in data breaches dominate the headlines, the truth is that the majority of data breaches occur due to human error:
  • A dropped memory stick
  • Sending something to the wrong e-mail address
  • Adding data to the wrong Dropbox folder
  • Not taking care of paper files whilst out of the office

In addition to this, over the last few years cyber attacks have increased in complexity and frequency, exposing millions of people and businesses to security breaches, theft and fraud.

In the digital age in which we live, the associated reputational damage arising from a data breach can be fatal to any business.

Do you look after or process client data? Are you an IT or telecoms company or part of the healthcare or financial industries?

What makes you stand out from your competitors and makes your clients choose you?

Contact C3C today on 0330 004 0020 or to find out how we can help you enhance your reputation and stand out from the crowd by achieving UKAS accredited ISO certification.

Thursday, 14 March 2019

What is Right to Work

Right to Work can mean different things to different people. In the USA, some states have regulations stating people have a ‘right to work’ without being forced to join a union. Humanitarian organisations subscribe to the concept that people have a human right to work, or engage in productive employment, and should not be prevented from doing so. In the UK, it is all about immigration compliance and is sometimes also labelled ‘preventing illegal working.’ This article uses the UK Home Office term of ‘right to work’ but the alternative of ‘preventing illegal working’ gives a good indication of what is required.

From January 1997, employers have been required to make checks on immigration status to check for illegal workers. Initially employers were required to be able to demonstrate a statutory defence, but following new legislation implemented in 2008, employers are now required to demonstrate they have a statutory excuse for all employees.

The statutory excuse means employers need to check the identity and immigration status of prospective staff members before employment starts. This requires checking a prescribed document from the Home Office lists of acceptable documents. The employer needs to make basic, but appropriate, checks to ensure the document belongs to the person presenting it, and to check that the document is valid proof of right to work, that it is genuine and that it has not been tampered with. [This is where Passport Proven can help] Most importantly, the employer needs to retain a copy of the document checked and be able to demonstrate they have followed the necessary steps. An audit trail is important, so signing and dating copies also helps.

If an employer is satisfied with the documents, then it is likely the statutory excuse is in place; but what if a candidate cannot produce the required documents; or what if there are some doubts? The Home Office advise that employment should not be offered at this stage. It may be that the candidate has to apply for and provide some new documents or that the employer needs to research into their options. Either way it would be a mistake to employ someone without the necessary paperwork being in place. This is because of the potential for a Civil Penalty, or worse.

Employers who get this wrong could be subject to an illegal working penalty of up to £20,000 per illegal worker; and if the Home Office can demonstrate that the employer “had reasonable cause to believe” that the employee is an illegal worker, the ultimate penalty can be a prison sentence.

Passport Proven is here to make this process easier for you. It takes you through the steps of checking a document and provides you with a report meeting the record requirements for the statutory excuse.

In summary, the right to work in the UK can be defined as the process and record needed to ensure the statutory excuse is in place. The process requires following a few simple steps in order to create the relevant record. Doing this will protect employers from the Civil Penalty.

By Oliver Kemp of Passport Proven

Visit or call us on 0330 004 0020 to find out more.