The Maryport company leading the way in UK cyber security

Indelible Data, based at Maryport Business Centre, was founded by Tony Wilson in 2009 and has become one of the most prolific Cyber Essentials Certification Bodies in the UK.

Before setting up the business Tony worked for Cumbrian Newspapers as systems manager for the group developing and overseeing its publishing systems.

Tony then worked for a software house developing newspaper publishing systems for other companies before starting Indelible Data.

Tony says he realised there were a number of Cumbrian firms - particularly those working in the nuclear sector - which needed help meeting the data security requirements of the customers they were supplying, including ISO 27001, a particular data security standard.

"What we were finding was that businesses around Cumbria needed help to understand security concepts and to convince bigger players they were secure," says Tony.

"We thought there was an avenue here within Cumbria to help these people give a level of assurance that they are handling data securely on behalf of third parties.

"We started to help people implement ISO27001 as well. Once you've got that in place, you're well on the way to having a secure business to give assurance to other companies.”

They also worked with QG Management Standards, based in Carlisle, to create a security management standard which they launched in 2015 at a Nuclear Decommissioning Authority sponsored event at Energus in Lillyhall.

"We invited the government up to talk about how important it was to be secure and the government's take on it and the government actually used the event as a platform to help launch their information security standard,” says Tony.

The government’s own standard, Cyber Essentials, requires companies to prove they have the appropriate security measures in place to work on certain government contracts.

Indelible Data provide an assessment and support service to ensure companies meet all the requirements in the necessary timeframe.

The company was also one of Cyber Essentials’ first certification bodies, working with cyber security agency GCHQ, in Cheltenham, to assist in its development.

Cyber Essentials is now operated by the National Cyber Security Centre with Indelible Data still acting as one of around 250 certification bodies.

The company works with hundreds of customers across the country each year to help ensure they meet the standards so they can carry out government contracts, particularly in construction, nuclear and defence.

Many Cumbrian businesses are customers, including Story Group, TSP Engineering, Northern Security, Project Time and Cost and Choose Occupational Health.

"It's been designed in such a way that it gives assurance that all the basic elements have been locked down and are in place and then you can build your own security regime on top of that,” says Tony.

“It’s a bit like an MOT, there’s a checklist of things you have to have in place.”

Often completing the Cyber Essentials process is just part of the service it provides to clients, who then go on to use some of the company’s other services.

These include penetration testing, in which the Indelible Data uses “ethical hacking” techniques to test how vulnerable a company is to cyber attacks and how to fix it, or vulnerability scanning, in which they carry out regular assessments of how secure a company is.

Indelible Data also offers cyber security training and has a network of nearly 30 managed service providers who it works with to help them keep their own customers secure, including David Allen IT Solutions, in Carlisle, Keswick Computer Solutions and SystemIT and Integrity IT, also in Carlisle.

Tony says one essential piece of cyber security advice is for companies to be alive to the risks of phishing emails, which he says are at the root of many major data breaches.

"Most attacks start with a phishing email nowadays,” he says.

“Whether it's to get more information about your company that allows the attacker to then get further into the system, by befriending people and getting further information from them, or just through a link that you've clicked on that gives the attacker access.

“Nearly all the big attacks that you've heard of in the news will have started with a phishing link. If someone clicks on that and the systems aren't configured to protect against it then they can get into your systems.”

Over the last 14 years the company has grown to employ a team of eight.

However, finding people with the right skills in Cumbria has not proved easy and the company has focused on growing its own skills in-house and has employed five apprentices via an Energus scheme for trainee cyber security specialists over the past five years.

The company has continued to grow, with over 500 businesses using its Cyber Essentials service alone, and it is currently on the lookout to employ one more cybersecurity specialist.

"We found really excellent candidates through collaborating with Energus,” says finance and operations director Anna Wilson.

“The trouble is that there is this great shortage of cybersecurity skills and as we train people up, they become very attractive to large organisations like Sellafield and we've lost a number of technical staff to organisations like that, which is a challenge.”

Georgia Routledge, from Workington, started as a business administration apprentice with the company nearly six years ago and is now in charge of business development, working as part of the leadership team to direct its future growth.

Her work earned her the Britain’s Energy Coast Business Cluster Highly Commended in the Rising Star awards last year.

Georgia says future growth of the company will come through providing a cyber security service in collaboration with more partner organisations working in the sector, as well as offering bespoke services to those who use its services to fulfil the Cyber Essentials requirements.

"A big part of my role is onboarding new, trusted partners that we can work with, because that's been a really big contributor towards our growth,” she says.

"Working for a small company that's grown so much throughout the years has given me the opportunity to develop in my role.

“And working for a company that's doing so well has given me that opportunity, which might not have been possible with some other organisations.”