How safe is your business online, and how safe are your clients’ and customers’ details? It may simply not be enough to feel you’re cyber-secure, or even to be fully confident in your own processes and systems. Nowadays, it’s important to be seen to be so, and to have the credentials to back it up.
Cyber Essentials, a UK Government-backed initiative, is designed to provide guidance to businesses of all sizes about how to protect themselves from cyber threats. It can help them implement essential cyber security controls.
In addition, Cyber Essentials is an assurance scheme, whereby businesses can obtain independently verified self-certification for their cyber security.
Cyber Essentials, then, performs two key functions: it helps businesses put the measures in place to protect themselves, and it gives them the necessary certification to verify this in the eyes of others.
What we offer, as experts in IT support for Burnley, Lancashire and the North West, is the support and practical help to ensure your business is properly set up with Cyber Essentials controls, so you’ll be fully compliant for certification.
Support for Your Business
Most businesses have a disaster recovery plan, in case there’s a worst-case scenario down the line. However, while this might cover events such as theft, fire or flood, does it tackle the issue of cyber security? In fact, a cyber-attack is now more likely to occur than a fire or flood, so ignoring it is no longer an option, if you want to protect your business.
Risk management now includes information risk, and Cyber Essentials is a very useful mechanism for allowing businesses to demonstrate to their customers, investors and insurers that they have taken essential precautions to protect themselves against cyber-crime.
What Risks Are You Running?
Without sufficient cyber-protection, you are running certain risks to your business, which could have long-term effects, some of them catastrophic.
Firstly, there is the direct damage of data loss, which could hurt your business so badly that you must change the way you conduct it – this has happened in several cases.
Secondly, it can have a big reputational impact. If your customers think that your cyber security is compromised, they are likely to look elsewhere for business. If, for example, you are part of a supply chain, becoming a victim of cyber-crime may seriously jeopardise your position in it.
Thirdly, cyber-crime can also have a devastating impact on your insurance status – many insurers have offered benefits to early adopters of Cyber Essentials, but the opposite can also apply, where you’ll be penalised for not having the certification.
Cyber Essentials and GDPR
Once the EU’s General Data Protection Regulation, GDPR, comes into effect in May 2018, the penalties for failing to comply with data protection regulations will be potentially severe.
While GDPR is different to Cyber Essentials, Cyber Essentials can provide the mechanisms, and the certification, to demonstrate that your business can protect the data it handles.
Along with being able to demonstrate your security, Cyber Essentials certification will also mean your business can bid for UK Government contracts, as you will be proving you can handle personal and sensitive information. In this context, Cyber Essentials can open up new business opportunities, while providing protection.
Threats and Controls
Who or what are the most common threats to your cyber-security? While many businesses consider themselves at low risk of cyber-attack, threats can come from a range of sources, including opportunists from across the globe.
Common threats include cyber-criminals, who will sell information for money, or use fraud or extortion. Hackers may attack your system simply because they can, as a form of entertainment for them. There are also activist hackers who will launch a cyber-attack for ideological or political reasons.
Your systems could be under threat from employees with legitimate access to them, either through accidentally leaking or losing information, or through malicious intent. Another source of cyber-crime is in the form of industrial espionage, by or on behalf of competitors.
Cyber Essentials sets out five controls to counter these threats:
- Boundary firewalls and internet gateways – protecting the perimeter of your system, making it more difficult for a thief to gain initial access, while helping you control who has permission for entry, and where they can go.
- Secure configuration – this controls how each computer in your system functions, helping prevent anyone from carrying out unauthorised activities and ensuring that each of your devices discloses only the minimum information online. Cyber criminals scan for insecure configurations.
- Malware protection – malicious software can access your files and damage or lock them, or steal confidential information from you. Malware protection helps to identify malicious software and prevent or remove any threats it presents.
- Access control – you want to restrict access to your system to a minimum, to deter and prevent hackers gaining access to it. A hacker will look for administrator rights, but access control restricts these rights.
- Patch management – if cyber-criminals know the operating system or software you’re using has vulnerabilities, they will try to exploit them to gain access. Therefore, it’s vital to keep updating software and systems with patch management to shore up any weaknesses and close these opportunities down.
Cyber Essentials isn’t restricted to one kind or size of business – the threat is real and it’s widespread, so protecting yourself is vital.
You can either opt for Cyber Essentials or Cyber Essentials Plus. The Plus version includes all of the assessments for Cyber Essentials but also adds an extra internal scan and provides an on-site assessment. Get in touch with us to have a chat about which option might be best for you and your business.
Get In Touch
As local experts in both IT support and website design and construction for Burnley and Lancashire, we can provide you with the right advice and assistance to obtain Cyber Essentials certification. Remember, this is not just a box-ticking exercise: you must ensure you protect your system and software properly.