Should you become Cyber Essentials accredited?

Cybersecurity is a pressing topic for most organisations. Not least because, if your customer data is hacked, sold on the dark web and exploited, the results could be devastating. So, finding ways to protect against cybercrime and data breaches has never been more critical.

Of course, there are many things organisations must do to defend against such risk. For example:

  • Making sure your processes and procedures are compliant
  • Investing in robust firewalls, anti-virus and anti-malware solutions
  • Making sure updates and patches are applied regularly
  • Training your staff so that they understand their data protection responsibilities
  • Using cloud-based systems that are securely backed up and can be restored at speed.

And, in addition, getting a relevant cybersecurity accreditation can help protect valuable and sensitive data.

What is Cyber Essentials?

Cyber Essentials is a government-backed certification scheme. It lists five technical controls that organisations should have in place. These are access control, boundary firewalls and Internet gateways, malware protection, patch management and secure configuration.

It is designed to help businesses to:

  • Guard against the most common cyber threats
  • Uncover any risks and mitigate against any data security vulnerabilities
  • Demonstrate a commitment to cybersecurity and data.

Implemented correctly, Cyber Essentials should prevent 80% of cyber-attacks.

What are your options?

There are two Cyber Essentials options:

  1. Cyber Essentials. A self-assessment, lightweight option designed to be easy to follow
  2. Cyber Essentials Plus. All the benefits of Cyber Essentials plus your cybersecurity is verified by independent experts.

Do you need Cyber Essentials?

Today, when it comes to a data breach or hack, for almost all businesses, it is a matter of when, not if. In fact, two-thirds of companies with 10 – 49 employees have suffered some form of cyberattack in the past year. And, on average, a business pays £21,000 to remedy a cyberattack[1]. Furthermore, phishing remains the biggest threat, while ransomware comes with the highest cost.

How do you get Cyber Essentials?

Getting Cyber Essentials accredited is a three-step process:

STEP ONE. Select an accredited Certification Body (chosen by the National Cyber Security Centre to oversee Cyber Essentials).

STEP TWO. Verify that your organisation’s systems and software meet a detailed set of IT requirements set out by Cyber Essentials. Your Certification Body can help with this.

STEP THREE. Complete a questionnaire provided by your Certification Body and verify your answers. Once you’ve passed, you will be awarded your Cyber Essentials certificate.

What other security certifications could you use?

ISO 27001 is the international information security standard. Arguably more suitable for larger organisations, achieving ISO 27001 certification proves that an organisation’s information security follows internationally recognised best practice. Because it includes an independent audit, with ISO 27001 you can rest assured that you have robust security processes in place and know that you are compliant with all the relevant legislation.

Because data security is vital to our business, all our data centres are ISO 27001 certified (and based in the UK). This ensures you are working with a trustworthy provider committed to safeguarding your data.

However, not all businesses have the time or resources to develop a full-on cybersecurity system. So, to get the best of both worlds, many are choosing to invest in Cyber Essentials, while working with a cloud partner that has ISO 27001 certified data centres.

If you’re thinking about investing in cloud technology – but want to know more about how to ensure you stay secure – speak to a member of our team on 01942 261 671 to find out more.



[1] Beaming