Home - Bayside Cyber Consulting

Bayside Cyber is a friendly and pragmatic information and cyber security, data privacy and ISO27001 certification consultancy that works closely with our clients to make these topics understandable and relatable to business managers.

We can help you to gain an understanding of where any gaps might exist and how you can fill them in the most cost-effective manner.

Our consultants include ISACA Certified Information Security Managers (CISM), Certified Data Protection Officers (C-DPO), ISO 27001 Lead Implementers and extensive experience in both public and private sectors.

We work closely with our clients to make sure that the outcome is the one they want.

Get Started

About Us

Bayside Cyber Consulting was born as a result of several years working with a group of like minded friends in the GB Smart Metering security environment.

Our Managing Director is a senior consultant with over 30 years of experience in information security ranging from some of the largest UK Public Sector organisations, through world-class corporations throughout the world to the largest and smallest of UK energy suppliers as well as the organisations that support them, including most of the UK’s DCC adapter providers.

We believe in maintaining a positive mindset, creating collaborative partnerships with a purpose, and always striving for significant outcomes. When you work with us, you should expect a collaboration with transparency and consistency. Want to learn more? Contact us today for an initial consultation.

Our Services

ISO 27001 Implementation

The world we live in relies almost entirely on digital technology. We are becoming increasingly reliant on hardware, software applications and network technologies to achieve business outcomes, generate revenue and achieve profit targets. Cyber security has become a major issue for many organisations.

The security of our data is now more important than ever, and a credible validation like achieving ISO 27001 certification is no longer a “nice to have” – it’s fast becoming an essential for organisations who need to keep information safe.

Can your business afford not to give it serious consideration?

Bayside Cyber can help you to get your head around what needs to be done to become compliant or, if you want to, become certified. We can provide access to systems that will support you on the journey to certification and enable you to achieve it more easily.

For smaller companies, we can even manage your certification on an ongoing basis, effectively becoming part of your management team and helping you to do the right things at the right time to maintain your certification status.

Cyber Essentials

WHAT IS CYBER ESSENTIALS?

Cyber Essentials is a government-backed certification that ensures companies are practicing good cyber hygiene. It’s required for government tenders and is an indicator of a commitment to security and data protection.

Getting Cyber Essentials certified protects your customers against 99% of threats and demonstrates their security credentials to regulators and prospects.

Using the CyberSmart ActiveProtect platform, we can ensure that customers are fully prepared for their assessment and remain prepared between assessments.

Data Protection and Privacy

GDPR and the latest UK Data Protection Act can be confusing. Let us help you understand how you are affected and what you need to do to avoid the wrath of the Information Commissioner, your staff and your customers

Bayside has access to trained experts, who understand the compliance impact of GDPR and the UK Data Protection Act 2018 which implemented GDPR in UK law.

With trained DPOs on hand we can offer a range of services, from ad hoc advice and guidance, through implementation project support to a fully managed virtual DPO service.

Human Resource Risk Management

Understand and strengthen your business’s security posture against human error and user-targeted attacks through ongoing HRM.

Drive security awareness
- Train staff on modern security best practices through engaging security awareness courses.
Combat phishing attacks
- Empower users with the ability to spot, avoid and report even the most sophisticated phishing attacks.
Reduce human error
- Educate staff on how to avoid common mishaps like sending sensitive data to the wrong person
Safeguard exposed users
- Reduce the chances of an attack by detecting when user credentials are stolen and exposed on the dark web.
Implement security standards
- Keep staff well-versed on company security procedures with core policy templates and trackable approvals.
Demonstrate compliance
- Showcase your compliance efforts with real-time reporting on how your business is addressing human risk

More….

Request your Free Report

GB Smart Metering Smart Energy Code (SEC) and Retail Energy Code (REC) Compliance

Bayside Cyber is uniquely placed to help companies fully exploit the potential and rise to the challenges of cyber security, in ways that comply with the regulatory and standards regime being put in place.

Our team has a deep understanding of GB Smart Metering and Retail Energy, spanning from regulation through to the detail of the technical solution – that is implementable and meets the stringent cyber security requirements necessary to protect GB’s Critical National Infrastructure (CNI).

We can help leaders in the Energy Sector in all aspects of their Smart Energy or Retail Energy work, for example to:

Understand the range of obligations arising from the regulatory and standards regimes;
Develop all aspects of their cyber security and technical solution strategy and design, to ensure coherence, completeness and viability, whilst positioning it to exploit strategic potential;
Assure the design and implementation of solutions, from regulatory compliance through to the detail of cryptographic and protocol implementation of back-end systems and in-home solution components;
Best exploit solution components being delivered for industry use, and provide solution components such as those to link to the DCC.

Cyber Security Consultancy

We can offer you flexible and affordable options to meet the needs and objectives of your organisation, including;

Third Party Assessments: helping you to understand how well your suppliers manage their information security and, therefore, how well they look after your data;

Managed Services: working alongside your teams to support client operations to ensure Smart Energy Code (SEC) and Retail Energy Code (REC) compliance throughout the cycle between User CIO assessments;

Consultancy: working with clients to deliver solutions that meet their objectives. This ranges from short, focused reviews on specific aspects of a client’s programmes & projects through to our working in integrated teams with the client to deliver their objectives.

Clients we have helped

Testimonials

I had the pleasure of working with John and Bayside on various assessments. As our lead consultant, we could experience his in depth knowledge on IT security related metering topics. We valued his direct and straight forward approach in tackling outstanding topics. Particularly impressive for us was the fact, that his consulting experience goes way past the original topic we collaborated on. We are looking forward to joining forces again.

Sebastian Twilling ENSTROGA

We have been working with Bayside Cyber for 4 years. John and the team have assisted us in gaining our SECAS accreditation and the ongoing yearly assessments. Their knowledge and insight into the code and processes has been invaluable, we couldn’t have done it without them!

Emma Carter Compliance and Industry Manager
Unify Energy

John and the team at Bayside have worked alongside our security and compliance teams for a number of years and have provided indispensable support, assessment, advice and guidance. I would have no hesitation recommending them to anyone looking to build out a robust security management program, both within the energy industry and beyond.

Mark Regensburg CISO/VP Technology
Utility Warehouse

‘Maxen Power has worked with John and his team and we have found the experience fantastic.
The experience was easy and straightforward with their guidance and we look forward to
working with them more in the future

Umair MahmoodOperations Manager
Maxen Power

It is difficult to even imagine how we could have gone through the SECAS CIO Audit without John being on our side. His deep experience of the process is what took us there and got us over the line. He helped pre-empt a lot of the questions and meticulously prepared the documentation through weekly consultations that ensured we avoided the fate that normally befall first-timers.
He led and directed every step of the process, covering gaps, rigorously reviewing our architecture to make sure we are not just ticking boxes but designing an absolutely secure architecture for our business and creating a foundation upon which we can build a successful and prosperous business. From the bottom of our hearts, we say thank you so much John. We are forever grateful!

Farouk AlhassanCEO
Senapt

Since using the usecure training platform, we have seen a significant reduction in the number of employees clicking malicious links or opening malicious attachments in email.

When we implemented our cyber security strategy, phishing training and education was top of the list. We originally used the training platform for phishing training and simulations, but it quickly became clear that we could use it for a wider education platform for security training in general. Over the past few years the number of modules has increased to include things like GDPR training, Data Protection and Web Security.

Since we are ISO27001 accredited, we need to be able to evidence things like training. This is difficult to manage in a large organisation with over 2,000 employees and 25 business areas. The training platform allows us to do this easily and produce reports for managers so they can see their stats compared to other areas and send chasers for those who haven’t completed modules.

We now issue the Phishing and GDPR modules for new starters, plus we send the Advanced Phishing module when people fall for phishing attacks. So, over time, usecure has become more integral to our security management and reporting process.

Information Security ManagerBusiness Services Company

We have a requirement for a security awareness training solution mainly to improve our employee awareness around information security, but also to be able to demonstrate to an ISO 27001 auditor that we are following a robust process.
The management metrics are available to assist us in monitoring employee progress and performance against the scheduled courses.

This has been invaluable in seeing on a weekly basis who is falling behind with their courses, which is something that we’ve now built into a disciplinary framework to ensure that employees are completing the required training. The other attraction was the granularity of the course modules and topics covered. We prefer the modular approach as it allows courses to be targeted on areas of risk or need, identified from the initial gap analysis.

This approach accommodates the different levels of competence across the organisation and means that employees are only scheduled to complete courses in areas of weakness or high risk.

The performance metrics and course completion statistics allow us to identify areas of risk where employees are potentially under-performing, and to monitor overall performance of individual department (particularly the high risk areas like HR and Finance). The ISO 27001 auditor was particularly impressed with this and other information we had to demonstrate due diligence.

Director of IT and TransformationTransport Company

We deployed the training to meet our requirements for ISO 27001 and improve staff awareness, as we had seen an increase in inbound threats across the business (in particular, employee-targeted phishing attacks).

Having researched a number of vendors, we opted this training platform due to its simplicity in administration, quick and easy setup, and high quality of course content.

The automation tools have brought excellent user adoption rates and have considerably raised security awareness without heavy administration.

Notably, the AutoEnrol feature enabled us to rapidly deploy training programmes unique to our employees’ security weaknesses, with continuous management made easy through automated course invites, reminders and weekly summary reports. Overall, the platform is admin-lite and proving highly-effective with driving employee security awareness across the organisation.