Member Blog

Royal Mail Fined for Nuisance Emails in April 2018

Royal Mail in the United Kingdom has been fined £12,000 for sending 327,000 nuisance emails to people who had opted out of receiving such emails from it. By sending the emails, Royal Mail broke the law, says the Information Commissioner’s Office (ICO), which took appropriate action. The emails were sent to customers on two separate occasions in July 2017. Royal Mail defended the action, saying it believed the emails, which informed the reader of lower prices for parcels, were more a “service” than marketing. The ICO disagreed, saying that they were sent to advertise lower prices as part of a marketing strategy.

“Royal Mail did not follow the law on direct marketing when it sent such a huge volume of emails, because the recipients had already clearly expressed they did not want to receive them. These rules are there for a reason – to protect people from the irritation and, on occasions, distress nuisance emails cause. I hope this sends the message that we will take action against companies who flout them.”

ICO’s Head of Enforcement, Steve Eckersley

Royal Mail has since apologised for its actions, saying that it would be carrying out additional training for staff and that it takes customers’ privacy “extremely seriously”.

After Friday 25th May 2018, these types of marketing campaigns will be directly affected by the General Data Protection Regulation (GDPR) that so many of us have heard a lot about in the past year or more. As the deadline looms, how companies handle data is incredibly important, as is making sure that email marketing campaigns are only sent to those who have chosen to be informed or contacted. There is additional legislation still pending relating to business people’s details, and whether these too are classed as personal data.

With stories including Facebook, Mark Zuckerberg, Cambridge Analytica, and the 87 million people who had their details shared, Cliff Richard and the BBC, YouTube and Global Child Privacy issues, the stories of fines will continue long into this year, and next. Some 30 social media platforms are under investigation as we write this, to see how they have been used in global political campaigns.

Interesting times, but if you think the ICO will just be chasing the “bigger companies”, think again. A complaint can be logged against your organisation by anybody who does not want you to keep their personal data. You must show that you have procedures in place to deal with this, and prove how the data has been removed. Fines will be up to €20 million or 4% of annual turnover, whichever is higher. Can you afford not to deal with the GDPR’s watchful eye? Your office equipment, such as multifunctional devices and software, is at the forefront of your GDPR “compliance”. Speak to us to learn more about how we can help your business or organisation.

Penalty Clauses & Side Letters – Having a ‘bit on the side’

Landlords and tenants quite frequently enter into side letters (supplemental to the lease) to reflect particular arrangements between them.

Side letters can include rent concessions where the landlord might, for example, agree to accept a lower rent than that specified in the lease. It is relatively common practice for a landlord to specify in such a case that if the tenant breaches a condition of the concession or a term of the lease then the concession given to the tenant will be cancelled.

The property industry was taken by surprise recently in a case concerning a concessionary rent where the tenant was late in paying an instalment. In that case the Court decided that the landlord’s attempt to bring the concession to an end (so as to revert to the higher rent referred to in the lease) was void on the basis that it amounted to a “penalty”.

The Court referred to a recent decision of the Supreme Court which reviewed the law relating to penalties. Previously, a penalty might broadly have been described as a payment specified as being due by a party in breach of contract which was not a genuine pre-estimate of the innocent party’s loss arising as a result of the breach. The decision of the Supreme Court suggests that rather than being focused on whether a sum payable on breach is a genuine pre-estimate of loss (i.e. a liquidated damages clause), there is now a more general test as to whether the sum or remedy stipulated as a result of breach of contract is exorbitant or unreasonable in the circumstances. Against this background, one can understand that if a side letter states that a remedy for the landlord following a breach by the tenant is to cancel the concession itself then the tenant might seek to argue that the remedy is exorbitant or unconscionable.

The law remains complex and each individual case will depend, amongst other things, on how the individual side letter is drafted and construed.

The reality, however, is that a landlord will no longer have the guaranteed ability to cancel a concession or other term of a side letter in the tenant’s favour purely because the side letter states that such remedy is available to the landlord. Landlords must be mindful of this when negotiating any side letters which include concessions.

GDPR – Are you ready?

 

The Lowdown on GDPR – Are You Ready?

There’s a big change coming in May. And if your business isn’t ready, you could find yourself in big trouble. Data protection laws throughout Europe are receiving an overhaul; the likes of which haven’t been seen for two decades. It’s taken over four years of planning and negotiations, but the European Parliament and European Council finally agreed on the new legislation two years ago. And since then businesses and public organisations have been preparing for the changes. Well, in theory anyway. If you’re like the majority and you’ve put GDPR on the back burner, it’s not too late – but you’ll have to act fast. First though, let’s take a look at some common questions.

What exactly is GDPR?

The European General Data Protection Regulation (GDPR) is the new, improved version of the Data Protection Act. It comes into force on 25th May 2018, and it will change the way organisations collect and manage the information they collect about customers. The regulation is the new framework for data protection across the whole of Europe. According to the governing bodies behind it, the GDPR has been designed to harmonise data privacy laws and protect the rights of individuals.

We already have data protection laws. Why do we need more?

Yes we do, but things have changed a lot since the last laws were passed. It’s hard to imagine now, but back in 1998 there was no such thing as smartphones and Mark Zuckerberg was just a 14-year-old who hadn’t even considered the idea of Facebook yet. Let’s face it, the world is a very different place now and the change is long overdue. We’re creating and collecting huge amounts of digital information every second, and the laws created twenty years ago just don’t cut it any more.

Is my business going to be affected?

Yep. All organisations that collect data – even just a name and number – will have to comply with the GDPR. There are more hefty requirements for businesses employing 250 staff or more, but all organisations that collect any kind of personal data are going to be affected.

You will also have an obligation to erase the data of any individual who exercises their “right to be forgotten”. At any time, your customers can withdraw their consent to your storing or using their personal data and insist that you delete it. Voluntary groups, member clubs and charities are also going to be affected by the GDPR.

What kind of data does it cover?

The regulation encompasses both basic personal data (names, addresses, dates of birth etc.) and sensitive data (sexual orientation, genetics, religion etc.).

True, this information has already been covered under the previous data protection laws, but one big change is that anonymous data is also included now. In fact, the GDPR positively encourages the pseudonymisation of data, and there will be incentives for controllers to use this more secure method of collection.

The GDPR defines pseudonymisation as “the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information.” To pseudonymise a data set, the “additional information” must be “kept separately and subject to technical and organizational measures to ensure non-attribution to an identified or identifiable person.” In layman’s terms, it’s a way to keep information private and store different data sets separately.

Will there be a UK-specific version?

Sort of. There has been some flexibility in terms of how individual countries choose to implement the GDPR, but they all have to adhere to the overall principles. The UK Government introduced its own new data protection legislation to the House of Lords in September. The Data Protection Bill 2017 will:

  • Make our data protection laws fit for the digital age in which an ever increasing amount of data is being processed.
  • Empower people to take control of their data.
  • Support UK businesses and organisations through the change.
  • Ensure that the UK is prepared for the future after we have left the EU.

It covers all the main areas of the EU regulations, but with some exemptions. These include added protection for journalists, anti-doping agencies, scientific and historical researchers who handle personal data. The UK bill also states that parental consent must be required for all information about anyone under 13.

My business is B2B and doesn’t collect customer data, so I don’t need to worry, right?

Wrong! Any company with employees located in the EU is obligated to comply. You might not collect customer data, but you’ll still have information about partners and employees, and that information must all be stored in line with the requirements outlined.

What’s the nitty gritty?

The full GDPR paper contains 99 articles which all set out the rights of individuals and the obligations of organisations. Trust us, you don’t want to read them! In a nutshell, here are the main things you need to be aware of.

Accountability and Compliance

The GDPR means that all organisations that handle people’s personal information will be more accountable for that data. This includes things like clear data protection policies, risk assessments and developing documents that outline the what, how and why of the data you collect.

With cyber-crime at an all-time high and huge data breaches hitting the headlines, the risks of not looking after client information have been well documented. With large, well established organisations like the NHS, Yahoo, LinkedIn and T-Mobile all falling prey to cyber-attacks, nobody can afford to be complacent.

The Information Commissioner’s Office has to be informed of any breach within 72 hours, and this information has to be made public. The repercussions of this aren’t just financial or legal… damage to reputation is often a lot harder to recover from.

Companies that process a lot of sensitive data or undertake “regular and systematic monitoring” of individuals at a large scale are now required by law to employ a data protection officer. Arguably this could be an add-on to an existing role, but for a lot of bigger companies it’s going to mean employing a completely new member of staff.

Organisations are also going to have to obtain consent to process data in certain situations. If you’re relying on consent to lawfully use someone’s information you’ll have to clearly explain that consent has been given, either in writing or through a “positive opt-in.”

Access to Data

The GDPR gives individuals a lot more power to access – and request the deletion of – any data that’s held about them. Until now a Subject Access Request (SAR) enabled businesses to charge a fee of £10 for someone to view the data that was held about them. Under the new regulations, the SAR has been completely scrapped. Now, anyone will be able to request their personal information completely free of charge, and this information must be provided within a month. In addition, the ICO states that all individuals have “the right not to be subject to a decision” that has a significant effect on them. Basically, organisations are no longer able to make automatic decisions based just on personal data and any decisions that are made must be clearly explained.

Fines

All laws have to be enforceable, and the GDPR is no exception. Any organisation that fails to comply with the regulation will face significant financial penalties. That means you can be fined if you:

  • Don’t process an individual’s data in the correct way
  • Fail to employ a data protection officer if required
  • Suffer a security breach

How much you will be fined depends on the individual circumstances, but even smaller offences could result in a fine of up to €10 million or 2% of your global turnover (whichever is greater). In the case of major breaches which have a seriously detrimental effect on an individual or group, the fines could be as much as €20 million or 4% of a firm’s global turnover (whichever is greater).

How to prepare your business for GDPR

If you’ve got the time, you can read and familiarise yourself with all 99 articles (it’s OK. We know you’re very unlikely to do that). So if you haven’t got time, it’s important to have a clear idea of what’s expected of your individual organisation. For example, you might not need to employ a data protection officer.

A lot of the main concepts and principles of the GDPR are similar to those outlined in the Data Protection Act, but this is a revamped version for the digital age. Don’t make the mistake of thinking there’s a grace period during which you’ll be forgiven a few teething problems and oversights. When the 25th May arrives you’ll be expected to be fully compliant and to be able to prove it. No excuses!

The best thing you can do to ensure you’ve got everything covered is to enlist a data expert to come in and support you through the process. If it feels like an unnecessary expense, ask yourself how you’d feel about being fined, spending valuable time in court and having your name splashed all over the headlines. Getting your GDPR paperwork and procedures right is an investment that will save your time, money and reputation in the long run.

This is happening. And you can’t afford to waste any more time.

We are able to help you with the data security aspects of GDPR. We can ensure that you have an appropriate level of protection on your network, using strategies such as a firewall, vulnerability scanning, and off-site backups of critical data. Give us a ring for a chat, or to arrange a data security audit of your business.

Call us: 01603 670682 or email us: [email protected] – Don’t forget to download a copy of our GDPR guide as well  

Buying and selling property using Bitcoin

This time last year I didn’t think I would be writing a column about using bitcoin for buying and selling properties. The thought of cutting banks out of the conveyancing transaction seems unfeasible; however, in December 2017 two new build homes in Essex became the first UK properties to be purchased using bitcoin currency. Since then a few other properties have been listed for sale only in bitcoin and although this is still a very small number, this shift may signify changes for how we will buy and sell properties in the future.

For those who don’t know, bitcoin was launched in 2009 and is a type of cryptocurrency that enables users to make transactions without going through a bank. Bitcoins are used to carry out anonymous digital purchases or transfers, and every transfer or purchase is logged digitally. Cryptocurrency has previously been used for fairly low value transactions; however, over the past few months there has been a rise in people looking to sell their homes for bitcoins rather than cash. In December 2017, the Land Registry also confirmed its willingness to record the property sales completing in bitcoin.

The main advantage of using bitcoin is that transactions don’t involve a financial institution and money can be transferred instantaneously. There are risks to consider and although bitcoin has seen significant growth, its value is still extremely volatile. By accepting payment via bitcoin you run the risk that its value could drop overnight. Therefore, given the length of the property selling process in the UK, there is a high chance you could be left out of pocket by the time the sale goes through. Due to this volatility, exchange and completion has to happen simultaneously, which speeds up the process for both the buyer and seller.

The nature of the cryptocurrency will also create some hurdles within the legal profession and in particular with efforts to prevent money laundering. That being said, our learned colleagues in Essex have already worked their way through (presumably) the required verification steps, and we at Spire Solicitors LLP are in the midst of the process now and we are very much open-minded about the challenge.

If you would like to discuss this further, please contact Spire Solicitors LLP on 01603 677077 for all your legal needs.  

Getting Real with Mischon Capital

Our client, Mischon Capital, are a real estate debt broker based in Mayfair, London. In order to reward their expertise and fulfil the recognition they deserve, our job is to optimise their online platform in terms of both rankings for search engines (mainly Google) and the user experience on the site – the recipe for a company’s online success.

Our end goal is to maximise the user experience and ultimately rank highly on search engines for competitive keywords such as:

  • real estate debt financing
  • mezzanine finance
  • development finance
  • senior loans

This is a particular industry we like, following our success with our clients in the space, such as Bridging Loan Hub.

Our Approach

A full site clean-up – Weak meta data, broken links and website crawl errors can all have devastating results on the online performance of a company website. Keeping these updated is fundamental to successful SEO. Therefore, we focused on this as our initial step in helping Mischon Capital flourish. Google favours websites with properly optimised meta descriptions and meta titles coupled with a website which is free from broken links, images without alt-text and a series of crawl errors. All meta-data includes target keywords at the beginning of the line so that Google picks it up first. You do not want to put your target keywords on every page, as this ‘confuses Google’ and they will demote all pages. Instead, you want to have focused pages with targeted keywords on each.

Landing Pages – A landing page is a single page on a website on which a visitor “lands” through a Google Search or by clicking a link, either internally or externally. The aim is to drive users towards this page to sell a product. For Mischon Capital, we created landing pages for ‘bridging’, ‘development’ and ‘senior loans’ to aid the user experience and boost the company’s enquiries. To achieve both of these goals, we added strong contact forms, optimised images and videos on all landing pages.

Links – We continue to optimise these landing pages by directing strong links and building up their authority. We have been reaching out for links from specific business, finance and property websites, with a simple link back to their brand name. We have looked at the links of competitors so we know what Google values highly and will continue to reach out to their partners, whether they are accountants, solicitors or even web designers, to continue to build up their link profile from legitimate companies.

Agricultural Diversification: Fields of Gold

Diversification in farming has long been a hot topic for keeping your business sustainable. Spire Solicitors LLP’s Agricultural Department comments on how landowners should be maintaining the balance between diversification to keep your family business profitable weighed against potential tax pitfalls.

The advent of 2018 and the progression of the Brexit negotiations has intensified speculation and interest among farmers and landowners in the UK over entitlements. It seems each week brings further comment from the Government. Michael Gove, the Secretary of State for the Environment, Food and Rural Affairs (DEFRA) spent his first days in 2018 supporting his ‘Green Brexit’ and at the Oxford Farming Conference at the start of the year has again confirmed the UK government will guarantee entitlements at the same level as the EU for a further 3 years once we have ‘divorced the EU’.

He also suggested that his plans are to reward landowners not for the size of their holding but for stewardship of the environment in the UK. This new farming policy creates an uncertainty, and some landowners may have to change their whole business structure in order to achieve the entitlements that they so rely on or to create a new income stream to support their business.

The changes to the government policies coupled with new technology and succession issues will cause some anxieties. Other avenues of business and income need to be looked at and this is where diversification of the land use will be on the minds of many.

Diversification

Diversification is useful in providing other income streams, as well as to add value to your business; especially where there are unused outbuildings or plots of grassland for uses such as:

  • Wedding Venues
  • Glamping
  • Community Events
  • Festivals
  • Manufacturing products
  • Tourism

Any form of diversification of the business should be considered very carefully. For many landowners the most valuable asset is the land and leaving it to the next generation can be problematical. Currently the government have no plans to change the Agricultural Property Relief (APR) for Inheritance Tax but many landowners fear the worst. There is of course the possibility of Business Property Relief (BPR) but this is not as generous. Increased diversification takes farmers/landowners further from APR and makes them more reliant on BPR.

A key point to remember overall is if the land is no longer used for ‘agricultural purposes’ APR may be lost. This leaves the farmer looking long and hard at BPR which brings its own pitfalls. The Agricultural Department at Spire Solicitors will look more closely at this in the next segment.

When deciding to diversify, we recommend you seek advice from your business advisors on maximising the additional income stream and on the structure of the business, whilst also obtaining legal advice regarding your tax planning and business structure, to ensure that you retain the value of your asset for those you wish to inherit it and that one tax advantage now does not jeopardise the other reliefs later.

Ironing out SEO issues

What we are doing for Iron Bridge Finance

With the advantage of working on a variety of sites within numerous industries, our team must look at and dissect each website we work on, treating it as an individual case each time. Iron Bridge Finance are established in the mezzanine finance sector, but this is not reflected in their SEO rankings, with their listings mostly on pages 5, 6 and 7 of Google.

Our aim was to heighten user experience and create a good-looking, well-ranking website which was easy to use. We wanted to make the time spent on the site more engaging for the consumer by creating some interactive additions to the site, such as an in-built contact form and vital information on the header and the footer to make getting in touch easier.

Meta Data – One of the most fundamental parts of SEO and success on ranking for Google as well as other search engines. For our client, updating the meta data of their site was the first step in the process. Meta data includes SEO friendly meta descriptions and meta titles with target keywords in mind and alt-text being present on all images on the website. Meta data which has been carefully and correctly optimized is the difference between ranking on page one or two of Google, or ranking on page six, for example. This is because it is the data which consumers will see on a Google search in addition to what Google prioritises in its algorithm.

Error Fixes and Clean Ups – Continuing on from meta data, a full clean-up of the site had to be conducted. This involved crawling the site for broken links and error codes in order to put them right. Google makes no secret that it favours websites which are deemed clean and have the best overall user experience. And this makes sense. Google want to recommend sites that are clean without broken links or pages because it will be a smoother journey for the customer.

Links – In SEO, having strong backlinks through PR is essential to build up authority and trust. As part of our work with Iron Bridge Finance, we began to work with our partners, relevant business and finance websites and used our tools to see what links had been gained by competitors on page one. It follows the notion that if Google likes these specific links and is rewarding other firms, the same logic applies if we capture these links too. We have been speaking to the numerous publications in the industry including Specialist Finance Introducer, Bridging and Commercial and Mortgage Introducer.

Within one week, we have seen Iron Bridge increase from page 6 to page 2 for ‘mezzanine finance lenders.’ We expect that more long-tail and niche keywords like mezzanine finance lenders/companies/london/online will gain traction much quicker and eventually the hot term of ‘mezzanine finance’ will get to page one within 3 to 6 months.

Keeping your customers happy

We’ve all been there.

“That’s fine sir, I’ll call you back at 2:30 tomorrow, no problem at all”.

2:30pm comes. Nothing.

3:30pm. Still no call.

4pm rolls by and you decide to call them back yourself. “Sorry sir, we have been fielding a large number of calls today and you were next on my list!”.

Of course I was…

This type of questionable customer service is commonplace these days. At Indigo Swan, customer service is all about making a connection.

Ever since we started, our retention rate has been over 93% each year. Last year was our best yet, as we retained 97.7% of our clients. We’re able to achieve these results by implementing and sticking to a set of core values and beliefs – keeping it human is key.

Our top tips:

  1. If you’re going to do it well, do it well 100% of the time. It sounds obvious, but you’d be surprised how many businesses forget that it’s often the little things that matter. Your customers are like your employees – you have to keep them engaged, enjoying the experience and feeling part of an exciting journey. If you don’t focus on them, one of your competitors will!
  2. Surprise them! If you’ve nailed number 1, great! But don’t get too complacent just yet. To keep your customers engaged (just like your employees) you have to surprise them from time to time. Keep things fresh! We often hear stories in the news about banks and insurance companies offering great rewards to new customers, but nothing to their existing clients. Reward loyalty and give back to your customers as much as you can. You don’t have to send them a card every year… but it’d only cost you £1 and it’d put a smile on their face – bargain!
  3. Be honest. If something goes wrong, hold your hands up, say sorry – but whatever you do, don’t get defensive! By being honest you gain the customer’s trust, and by passing them onto someone who knows the answer or popping them on hold to source the answer yourself, you’re providing them with a far better experience than you would if you just bumbled your way through the call. Then, review what went wrong and make changes if you can.

If your favourite brand falls down in one area of customer care, it’s only natural to start questioning your loyalty and how valued you are as a customer. Communication has to be consistent – from the first contact a client, supplier or colleague has with you, through to the most recent conversation or email, it has to be on point throughout. Get to know your client, understand how they like to be communicated with, build rapport and, most importantly, listen! Too many people jump in when speaking to a client without giving them ample opportunity to explain their problem, give their opinion, ask their questions. Let the client talk, make notes and provide clear, detailed and informative answers in return.

Examples from the Swans

As part of this blog, we asked three Swans, who work in three different departments, to share what good customer service means to them.

  • Aimee, one of our Energy Contract Enthusiasts (she was shortlisted for the 24/7 Legend award at The Energy Live News Personality Awards in 2017):

“For me, delivering excellent customer service means consistently exceeding my customers’ expectations. This could be by providing excellent energy prices, getting the team to close a particularly tricky case or simply sending a customer an origami swan if they’re having a bad day.”

  • Rae from our Client Services team:

“I am very much a happy-go-lucky ‘people person’ and enjoy any challenge or query which is thrown my way. I strongly believe that if you have a happy outlook on what you need to do, people are more receptive and willing to go the extra mile. It may seem a simple concept, ‘being happy’, but it really can be quite infectious. If you have a happy, positive customer service experience, then you remember it and that is what I aim for with every human interaction I have.”

  • Alex, who works within Client Discovery:

“Research, research, research. Know about the company or organisation before approaching them as that way you are a friendly voice, approaching a business to make a connection. If the business comes later – great!”

Being authentic is so important when it comes to excellent customer service – you have to be real. We love working with clients who are just as invested in the Indigo Swan journey as much as we are. It’s all about great communication, listening to their needs and probably most importantly, being human!

What’s the best customer service you’ve ever received?

Cyber Security – What’s your strategy?

GDPR Conference

If you attended the #NorfolkGDPR conference on 13th March, 2018, thank you for attending and making this the biggest event so far for the Norfolk Chamber.  It was also the biggest speaking event so far for me personally, and I really enjoyed being able to share my thoughts on the importance of Cyber Security for GDPR with everyone there, along with the great presentations from Alex, Tom and John.

You will have heard me speak about why Cyber Security is a critical part of your GDPR preparation, what the regulations say about it and the importance that the ICO place upon it.  You will have also heard about the importance of having a Cyber Security strategy, based on a risk based approach focused on your individual business.

Cyber Security Strategy

So what do I mean by a Cyber Security Strategy, why is it important, and why do many organisations not have one?

Like many things, you can approach Security strategically, or tactically.

Over the last few years, IT and our reliance on it to run our businesses has changed significantly, and continues to do so – fast.  That brings enormous opportunities – but also new risks.  As we rely more on IT, and particularly Data, so we suffer more if that data is unavailable or compromised.  Compromise to the Confidentiality of data (think Personal Data under GDPR particularly) can lead to reputational damage as well as trouble from the ICO.  There are many ways in which this can happen.

Our reliance on data and IT used to be less, and it used to be more straightforward to protect, before the advent of cloud based file sharing, tablet and mobile phone access and BYOD (Bring Your Own Device).  

GDPR states that organisations must implement “appropriate technical and organisational measures” to protect Personal Data.  Guess what?  Good Cyber Security practice requires that too – but for all your data (and the systems used to store, process and access it).  But establishing what is appropriate requires a strategy, and the decisions we make need to be justifiable, and demonstrable.

Effective Cyber Security needs to:

  • Be based on the risks to your business
  • Focus on the Confidentiality, Integrity and Availability of Data and Systems
  • Consider People, Process and Technology
  • Take into account ALL of the copies of data
  • Evolve, constantly
  • Include a plan to deal with incidents and breaches

The Cyber Security of many organisations is more tactical in nature, frequently based on technical solutions only.  This leads to many gaps, which not only leave them vulnerable to ever evolving Cyber Threats, but also would likely fail the test of “appropriate” measures in the event of an investigation following a Personal Data Breach.  Common reasons for this include:

  • Belief that Cyber Security is just an “IT Problem” (Hint: It’s actually a BUSINESS problem)
  • IT Security that has grown “organically” over time rather than to a plan
  • Focus on Technical Solutions only
  • Lack of investment (Time, money, skills)

So What Next?

If you haven’t started approaching your Cyber Security strategically yet in preparation for GDPR or just generally, here’s a quick outline of steps:

  • Understand what data you have and where
  • Understand what, and who accesses it
  • Consider the threats (and weakest links)
  • Assess the risks and impacts to your business (and to Personal Data)
  • Plan to reduce, mitigate (or accept, where appropriate), the risk accordingly
  • Document those decisions
  • Implement the plan, record progress, and evolve

It is possible for the right IT Professional or Senior Manager to drive this kind of strategy, but often there’s a gap and/or disconnect between the Business and IT – often, they have very different perspectives; after all, IT Security has always been a balancing act between security & productivity and it takes an amount of pragmatism on both sides to achieve this.  Not always easy. 

Enter the CISO

I came across this article today from Microsoft which outlines their recommended approach to Cyber Security strategy, which is very similar to what I’ve outlined above.

https://cloudblogs.microsoft.com/microsoftsecure/2018/02/07/developing-an-effective-cyber-strategy/

You’ll note that this refers to a CISO – Chief Information Security Officer, who typically drives this strategy in an Enterprise Business.  Many organisations smaller than enterprise level can’t justify or afford a full time CISO, however the skills and experience they have can greatly increase the capability of an organisation to succeed at approaching Cyber Security strategically.  More and more are considering a “Virtual” CISO or vCISO to assist on a part time basis, creating and driving the strategy, working with internal IT and/or external IT Teams and the Senior Management/Executive team, which can be a really valuable and successful option.  

With the growing shortage of qualified and experienced IT security staff at all levels, outsourcing and virtual/part-time roles of this nature are likely to be a key resource going forward but can be difficult to come by, particularly in regions such as ours away from the bright lights and rich pickings of London, Manchester and the like. 

At CyberScale, we’re pleased to be able to provide this kind of service to our clients, to help build and implement a comprehensive Cyber Security strategy tailored to your individual business, in conjunction with your management team and IT team or IT service provider.  We’re also working hard on developing a range of packages jointly delivered by ourselves and local, trusted IT providers to provide a comprehensive managed Security service, again based on a tailored strategy.  Watch this space.

Get Started

Whether you’re looking at Cyber Security because of GDPR or just because you’ve become more aware of the risks to your business, and whether you plan to do it yourselves, enlist a little help, or a lot of help, or whether you’re not sure, the important thing is to get started.

Start to assess where you are. If you need help just with that piece, an initial Cyber Security Assessment or audit can cover this for you.  Build a plan (our assessments always include this too), start with simple steps, and incorporate some quick wins to reduce your risks quickly.  We’ll cover some common ones in another blog.  Include an Incident and Breach response plan.

Doing something is better than doing nothing.  Once you get started, you’ll start to build momentum, and all the time you’ll be gradually reducing your risk.  

If you’re comfortable doing things yourselves, the NCSC and ICO (National Cyber Security Centre and Information Commissioner’s Office) websites are great places to start with some helpful content.  If you need a little extra direction, please get in contact with us.  There’s no cost to you for an initial discovery consultation and just that might provide you with the clarification and confidence you need to get started with approaching Cyber Security in a more strategic fashion – and ultimately more effectively.

Recruit from East Anglia’s brightest talent pool

Are you struggling to recruit suitable staff locally or could your business benefit from an injection of fresh energy and enthusiasm? Perhaps you have a long list of essential tasks – but no time to start them – let alone get them finished? Fortunately, it’s never been easier to connect with East Anglia’s smartest, most diverse talent pool – the students and graduates of UEA.

We also offer the UEA Internship Programme – an agency-style service which makes the process of taking on an intern as simple as possible. Our dedicated team take care of the advertising, contracts and payroll for interns, effectively employing them for you. All of our advertised internship opportunities are paid; however, our flexible programme means that you can recruit for up to a year, so internships can last in line with your budget. There are often subsidies for SMEs who qualify to help with the costs.

MyCareerCentral is your free online gateway to this wealth of highly-qualified, motivated and bright local talent, with the ability to reach around 15,000 current UEA students and more than 10,000 graduates. The site is a fast, user-friendly resource for promoting part-time and seasonal jobs, summer and Year in Industry student placements, volunteering opportunities and graduate vacancies and internships directly to UEA students and graduates.

Using MyCareerCentral is more efficient than using traditional job sites as you can:

  • Save time when inputting vacancies – your company information is stored in the system
  • Edit and close the vacancies you have listed
  • View a history of all the previous vacancies you have listed
  • Add to and manage your contacts

Online at MyCareerCentral you can work with the UEA Careers Service to:

  • Promote your opportunities
  • Advertise student jobs and internships, full or part-time seasonal jobs, graduate vacancies and internships and postgraduate vacancies
  • Host an intern
  • Offer a Year in Industry placement
  • Recruit volunteers
  • Raise your profile – attend fairs, deliver workshops or speak to us about developing specific activities
  • Share your knowledge – mentor a student, support a student entrepreneur or speak at an event.
  • Access UEA expertise & facilities – consultancy, licensing opportunities, CPD & training

How to make the most of your vacancy advert on MyCareerCentral

The information that you include in your advertisement plays a key role in attracting the right candidates for your vacancies. Competition for the best applicants is keen, so it is vital that you sell your vacancy – and your company – to potential job seekers.

Unlike commercial jobsites, adverts on MyCareerCentral can be viewed only by UEA students and recent graduates, so tailor your offer specifically to them wherever possible. For example, if you were a student or graduate, what would attract you to the role and prompt you to apply?

Completing our online vacancy form is quick and easy and by tailoring your postings to the student audience, you’ll have the best chance of attracting great applicants for your roles.

For more information contact the Opportunities Team on 01603 592527 or email [email protected].

The Role of Employers During Pregnancy, Maternity and Motherhood

When a woman announces her pregnancy, the first response of the manager is often to refer to the policy relating to maternity. But whilst a clear and accessible procedure is essential, at the heart of supporting a woman during maternity and beyond is open conversation. Throughout the pregnancy, maternity and on return, the manager needs to be talking to the mother, giving choices and options, understanding and recognising that the individual needs and priorities will change through pregnancy, birth and beyond. The type of contact during maternity, the support required, needs to be led by the mother.

Coaching is a powerful tool and one that can give a woman choices and empower her to find her own solutions at a time when she may be feeling a little uncertain and confused. 121 coaching support before, during and on return can help the woman to identify what she wants to do, what form she wants her maternity leave to take, and indeed, how and when she wants to return.

Choice and influence are important too when the manager is looking at how maternity leave is covered. Engaging the woman in the process, and helping her to identify ways cover can be provided, can help her to feel valued and have ownership. This can also extend to the woman meeting the person providing cover and helping them to learn the role. The whole issue of maternity cover can be very unsettling for a woman and it often leads to concerns such as not being wanted back. This too is why the manager needs to be mindful of the sensitivities around this – for example, using the term ‘replacement’ can indeed make the woman feel as if they are being evicted from their job.

The way that a manager and indeed a company engages around maternity and parenthood is also key. Companies which celebrate family, where the internal dialogue is positive around women who take time out to have babies, will create a sense of security and belonging for women at a time when they may well be feeling vulnerable.

Flexibility is essential too: during pregnancy, when the mother may need time out for appointments; during maternity leave, when a planned keeping in touch day may be scuppered by a poorly child; and on return, when the woman may want to consider how and when she returns. And a company needs to ensure that its commitment to flexibility means that women do not feel ostracised if they return at reduced hours; a mother working a part-time role should not feel any less valued for the contribution she is making than her colleagues.

A robust policy and procedure is important, but one that is not so rigid that it does not give space for choice, options and flexibility.  The company too needs to make the woman aware of what the procedure is, what support is available, and what she needs to do.

And when a woman returns from maternity leave, it is also essential that the manager is sensitive to the personal struggle she may be facing in being separated from her child. The manager also needs to be aware of her wellbeing and look out for signs that support is needed.

But the most important thing of all is for the manager to keep talking – and listening – to the woman so that she feels empowered and valued.

National Apprenticeship Week

Seeing as it’s been National Apprenticeship Week this week, we thought we would shine a light on our apprentices, past and present. Naked Element would be a duller place without them and the valuable work they do! We’ve had three apprentices in total, Lewis, Rain and Jack, and they’ve all been invaluable to our business.

Lewis spent his year-long software development apprenticeship with us, before staying on a while longer as a full-time employee. He headed User Story workshops, held meetings with clients and even managed to join in with some of the social sides of Naked Element too! Lewis got a lot out of his time with us, saying “an apprenticeship is a great way to get your foot in the door of an industry, gain some excellent skills and first-hand experience in a job you may want to turn into a career”. Lewis decided to be an apprentice because he felt that a more hands-on approach to learning would suit him better than studying full time. At the time he hoped he would be working in the US in the near future, but he has since decided to settle down at university and is due to begin a Computer Science degree at the UEA later this year to bolster his industry experience with a formal qualification.

Rain joined us as an administrative apprentice for just over a year, keeping us organised and the company running smoothly. Rain was an asset to Naked Element. As a natural networker and often the first face to greet clients, she helped start the conversation about software and business. From the professional presentation in her initial interview to managing conferences, she impressed us all. She took her experience with Naked Element and became the executive PA to the CEO of Apple Helicopters!

Our current apprentice is Jack, who is part-way through his software apprenticeship. We’ve been so impressed with Jack that we’re hoping he will stay on after his course has finished to be a software developer full time! He’s a good problem solver, helping Naked Element deliver projects more cost effectively, and he is equally enthusiastic at tech events when he represents the company.

Our CEO Paul says “I believe that apprentices are an excellent way for the predominantly small tech companies in the TechEast region to grow and a way to help fill the skills gap we have here. They are also a great way to support young people in our region to get industry experience.” Naked Element has found all three apprentices invaluable to supporting and growing our business and we’re very proud of how far they’ve come!