Family Adventures Group is a UK based group of 7 day nurseries and 3 indoor play centres in the South West and West Midlands. Founded by husband and wife team, Laura and Tom Filer in 2019, the group started out as a sole indoor play site with the mission of doing things better. Now the group is in the top 20 UK nursery groups on the parent review site daynurseries.co.uk and has Visit England roses at each of its leisure sites.
CEO and co-founder of the group, Tom Filer talks to us about cyber security for nurseries
What are the biggest security issues and unique challenges in your industry?
“We deal with a lot of sensitive personal data, especially in our day nursery operations. This can sometimes be information shared by social services and other agencies including the police, which needs to be kept secure. In January 2024 the group received private equity funding and, as part of the investment, had to seek formal cyber security certification of its systems. The UK National Cyber Security Centre’s *Cyber Essentials was part of the investment requirements, but we wanted to go a step further so also chose *IASME Cyber Assurance as well to get an extra level of comfort.”
How was the experience of going through certification?
“The whole company has been involved in the process, so it has really got everyone thinking properly about cyber security. The process has highlighted a number of areas that we have now actioned, meaning that we have come out of the certification process far stronger than we entered it. It was not easy to get the certification, but we now have a far more robust cyber security environment.”
What challenges did you have to overcome and how did you achieve this?
“We don’t have an IT manager, so the process of improving our cyber security environment was probably a bit more difficult than some other organisations. We were well supported by our IASME Certification Body, Cool Waters in our certification process.”
What advice would you give to other organisations like yours?
“The certification process is really worth it. I am now far more comfortable as a director of the company knowing that we have external validation of our processes. We have actually seen a significant increase in attempted fraudulent activity since the investment was announced publicly, so without the cyber security improvements we have made as part of the certification, I dread to think how severe the impact could have been.”
Cyber Essentials is an effective, government-backed certification scheme that helps organisations, whatever their size, to ensure they have got the appropriate measures in place to protect themselves against a whole range of the most common cyber attacks including ransomware. Annually certifying to a recognised framework is a great way for organisations from all sectors to check that they have implemented the five key controls adequately, without overlooking something.
The IASME Cyber Assurance standard is a comprehensive, flexible, and affordable cyber security standard. Important cyber security measures are included such as assessing and managing risk, training people, setting practical policies and procedures and legal and regulatory requirements. Key resilience strategies are also covered, such as backing up data, business continuity planning and incident response.
*Please note, the Cyber Essentials scheme is owned by the UK’s National Cyber Security Centre and represents the recommended minimum cyber security for organisations of all sizes. IASME Cyber Assurance is a separate IASME-owned scheme.