top of page

A Sustainable approach

 
Our goal is to help secure purposeful organisations so they can meet their own goals. As we do so, we want to ensure our impact on the planet is minimal.
 
This page is dedicated to our transparency about our own impact, our approach to sustainability, and how we plan on improving it as time goes by.
Cybersecurity and sustainability - how do they link?

You may have noticed that cybersecurity doesn't fit perfectly into the topic of sustainability. I think however (Ash speaking here), there is a lot of crossover. 

- A business typically isn't sustainable if it isn't making money. Cyber insecurity can impact an organisation’s ability to make profit, and on rare occasions, can bankrupt organisations. Put simply, an insecure organisation can be an unsustainable one. 

- Technology is a huge part of business, and therefore a huge part of cybersecurity. Technology is used by businesses, but tech is also purchased as part of addressing cybersecurity challenges. A lot of that technology isn’t as effective as it might like to be. This can impact an organisation’s scope 3 emissions as well as their overall financial position. 

- Very often, organisation’s don’t need more technology or equipment to be more secure. We believe the most sustainable technology is the tech you already have. You may be surprised to hear that we don’t very often recommend new software or technology to our clients. We largely check what they already have in place, and how to better protect it.

- Very few cybersecurity providers are talking about sustainability, and even fewer publicly list their carbon footprint or general approach to sustainability. This comes at a time when the current technology landscape is incorporating a lot more energy intensive technology such as AI training models, blockchain in addition to existing energy-hungry data centre equipment.   

- Data breaches don’t just cost money, they also have a lot of other consequences which, although on a micro-scale, are not sustainable. For example, loss of productivity of technical staff who need to react to the breach and in many cases, recover the systems to an operational level.

How are we linking sustainability and cybersecurity? 

  1. Our consulting approach focuses on better use of our client’s existing technology and systems. We take the time to understand what systems are in place, how they are used, and how we can better protect them using built-in features. We call this our “tech-minimalists” approach, creating maximum value from minimum time, monetary, and carbon investment in technology.
     

  2. We publish our own carbon footprint (as below), and use B1G1 to let our clients choose a positive impact to pass on when they work with us. We also offer probono consultancy services to organisations who are doing something positive in the world, but don’t have the budget needed.
     

  3. We are building a list of sustainable cybersecurity providers and suppliers. We will publicise this on our website to help others include sustainability in their cybersecurity purchase decisions. 

Our Carbon Footprint and Sustainability Approach

Our total emissions use (Metric tonnes of CO2 equivalence) for the year of January to December 2023 were 2.49 CO2e. 

All of our emissions are within Scope 3 - Supply chain emissions, from services such as online subscriptions, advertising and very occasional travel.
According to Normative's Industry CO₂ Insights, the annual total emissions average for UK companies in our sector is 627 tonnes CO2e.

Our current sustainability practices:

  • We have no offices and all employees work from home or via co-working spaces, meaning we don’t commute more than once per week. 

  • We conduct almost all work and meetings online. We don’t travel to clients or hold physical employee meetings other than a handful of company meetups per year.

  • When we do need to travel, we use a train-first policy and almost never drive for work purposes.

  • We never print documents, and therefore don’t buy printing equipment, ink or paper.

  • We reduce our need to buy electronic equipment by using a bring your own device model (BYOD). If we do need to buy equipment, we have a refurbish-first policy (e.g. Circular Computing) and use sustainably minded companies such as Fairphone. 

  • Our partnership with B1G1 allows us to pass on positive impact when we work with a client. Clients can choose the impact they want to create, and map it to a sustainable development goal of their choice. You can see our impact so far here

 

Our target sustainable practices:

  • Using the green foundation project for our website hosting 

  • Transfer all company pensions to green investments 

  • Reviewing the 100 smart ways to live sustainably for our employees' personal lifestyles. 

  • Being more data driven when it comes to choosing suppliers based on their sustainability practices

 

We are very open to hearing ideas on how we can continue to do our bit. If you have any, please do drop us a note here: ashley@practical-infosec.com 

 
bottom of page