Cybersecurity underpins Crafter’s Companion’s strategic growth plan

Household name Sara Davies founded Crafter’s Companion during her time as a student at the University of York.

Her vision started with the creation of the Enveloper; an innovative product that exploded in popularity once entering the market.

From those beginnings, the business now has two physical stores, a massively successful online operation, more than 200 staff and revenues in excess of £35 million.

 

• Sara Davies, Crafter’s Companion founder, pictured inside the firm’s Newton Aycliffe base

 

It offers an extensive range of crafting products in-store and online, and also provides educational crafting content across multiple digital platforms.

As a responsible business and employer, with an emphasis on e-commerce, the company holds large amounts of data and carries out thousands of online transactions per week.

Therefore, the security of its technology was key to the business and critical to any growth plans.

Anticipating a period of further growth, Crafter’s Companion recognised an essential component of its strategic growth plan must include reinforcing and continuously improving its cybersecurity – keeping itself, its supply chain and, fundamentally, its customers safe.

A key part of this strategy was to obtain security certifications in the recognised standards of Cyber Essentials Plus and ISO/IEC 27001 – these UK and international standards ensure organisations keep on top of their information security while demonstrating to supply chains and other business stakeholders they operate with good cybersecurity posture.

After a competitive selection process, Crafter’s Companion chose Melius Cyber as its partner to improve cyber systems and obtain the relevant certifications.

One of the initial steps was to build on the penetration testing Crafter’s Companion already regularly completed, by extending the scope and using external expert testers that simulate an ethical hacker attempting to breach its system.

As the professional tester conducting this exercise had no prior knowledge of Crafter’s Companion’s infrastructure, it made the simulation all the more realistic, with a ‘no stone going unturned’ simulated hack.

As a result, a comprehensive report identifying areas of vulnerability – and categorised by level of severity recommended remediation suggestions – provided a foundation to enable it to make the move towards security certifications.

Conscious this type of traditional penetration testing only allows for a one-off, point-in-time view of cybersecurity standing, Crafter’s Companion wanted constant visibility of potential vulnerabilities and possible threats, not just during times when it was undertaking penetration testing.

This led to the discovery of Cyber Safe, an affordable SaaS designed for the SME marketplace, which scans infrastructure daily and identifies areas of vulnerability.

Cyber Safe reports using a simple dashboard, highlighted by severity and risk to business.

This allows Crafter’s Companion to keep on top of its remediation activities and ensure they remain secure.

An added benefit is that Cyber Safe is aligned with the key security controls within Cyber Essentials Plus, making the move towards certification an easier and less resource intensive process, as most of the hard work has been completed and the business now has risk assessment data at its fingertips.

David McPherson, Melius Cyber’s chief technology officer, says: “The project brief was quite extensive, and, for a large organisation, they already had a lot of good practices in place.

“Initially, we worked to improve on the periodic penetration testing, building up a backdrop of the overall IT estate and its resilience and weak points.

“From there, we deployed our own expertise and the Cyber Safe platform.

“The work we have completed will improve the company’s security and make the completion of the required certificates much simpler.”

For many, cybersecurity is little more than a buzz word.

But it essentially boils down to having the right protection in place to keep out the growing number of unwanted threats or attacks.

Each year, the number of known threats increases by around 25,000.

Simply putting in place a few measures is no longer stringent enough to keep you safe year-on-year.

Now is the time for businesses to invest in securing their future and seek out expert help.

Because, at the end of the day, can you afford not to?

 

Banner image, pictured, from left to right, are Richard Brown, Melius Cyber chief executive; Steve Cowie, non-executive director; Matt Little, chair; Eldon Jobe, chief commercial officer; and David McPherson, chief technology officer.