Computer Defence Network Ltd (CND) is at the heart of Corsham’s thriving tech community. Based at the Digital Mansion, the company operates as a cyber security consultancy and an independent cyber security recruitment agency.
The company was founded in 2004 as a family business by CEO Andy Cuff and his wife Amanda. Andy’s background in military computing, communications (including space) and electronics, set him on the path towards information security services including the then-emerging field of cyber security. CND now provides a comprehensive range of services, including vulnerability assessments and cyber health checks, to a broad range of clients. The Business Exchange spoke to Andy about security, staff, superyachts and more.
What do your typical clients look like and how do you help them?
We don’t have typical clients anymore, although we used to work predominantly with the Public Sector. Three years ago we changed our business model to make us affordable to small businesses and we haven’t looked back. Our clients range from farmers to bankers and from spacecraft to ships. This diversity has enabled us to quickly adapt to secure new industries as they emerge.
Are there any clients or projects you’re working on that stand out?
My passion recently has been securing superyachts, which are some of the largest in the world with dozens of crew and thousands of networked devices. It has been fascinating getting to understand the pattern of life and those nuances with the network traffic which differ greatly from most other clients. We’re providing them cyber security as a service, so for the most part we are left to get on with it and create a secure environment which is unobtrusive to the guest experience.
You recently offered staff a mental health day off. What was the reasoning behind this and what was the response from employees?
I can honestly say that I love our team, they are fantastic. Amanda and I are so proud of what they have achieved in the past 18 months. Whilst we’re not driven by money, despite the pandemic our turnover increased by 30 per cent. This is phenomenal and demonstrates the team’s dedication to CND.
The mental health day was to enable everyone to de-stress and take some time out to take part in some wellbeing activity. Staff members took the time to do nice things such as country walks and spending time with family. I wish we could do it every Friday!
What have been the biggest challenges for you in the past 18 months?
Losing Friday lunches! Every Friday the team would sit down together with a takeaway and catch up. We’ve tried Zoom quizzes and even delivered a pie to every member of staff and whilst we have embraced remote working, you cannot beat those face-to-face meetings.
What is your ethos in business?
We don’t have a sales team and rely on word of mouth and reputation for our growth, therefore we have to be ruthlessly ethical in our work to achieve a long-term good standing in business. We also believe in ‘Corporate Karma’, such that if we can do right by another business (even a competitor), provided they too are ethical, then we should.
Finally, if you don’t chase profit and instead deliver quality, profit will find you anyway.
At what point should a business seriously consider its cyber security?
The moment they decide to do business. It’s far cheaper to start your business securely than to retrospectively secure it. To do so doesn’t have to mean engaging an expensive cyber security consultant.
What advice would you give to SMEs who maybe have not given much thought to cyber security?
This is actually really difficult. If we’re honest with them about the threat, then we appear to be scaremongering, which turns most of them off. Perhaps think about the impact of all your computers being encrypted through a ransomware attack, or all of your clients’ personal data being exfiltrated. Achieving a basic level of cyber security doesn’t have to be expensive and most of it can be done in house.
Where do you see CND in 10 years’ time?
I have absolutely no idea! We’ve never been able to have a business plan; cyber security changes so quickly that to plan too far ahead would stifle our agility in delivering what is required now.
Instead, we adapt to the developing situations and client needs, innovating new services to make them more secure.