Cyber security is a topic that is hot on everyone’s lips at the moment. With the GDPR just 84 days away, businesses have very little time left to ensure that their data protection and cyber security are up to scratch. According to Sophos, 54% of organizations have been hit by ransomware in the last year. With 87% of IT managers believing that threats have become more complex, the need to demonstrate your company’s ability to protect your clients’ data has become more than just an internal requirement. Here is the latest security update from Sophos:
With cyber attacks and malware hitting the headlines on a regular basis, the security of personal data has become a key purchasing influencer for customers. Unless a company is able to demonstrate its security credentials, its business could be adversely affected. Businesses that have been hit by a cyber attack in the last twelve months have seen an average $133k loss, and that is only likely to increase moving forward.
Due to this ever-increasing worry for consumers, the government worked with the Information Assurance for Small and Medium Enterprises (IASME) consortium and the Information Security Forum (ISF) to develop Cyber Essentials. The Cyber Essentials certification program is a set of technical controls that help organisations protect themselves against the majority of cyber attacks. The scheme has two levels available, Cyber Essentials and Cyber Essentials Plus, and once complete, companies are provided with a badge to display on their website.
The Cyber Essentials scheme is available to all organisations of all sizes and from all industries and has several advantages:
- A Cyber Essentials or Cyber Essentials Plus badge can boost your business’s reputation, especially around trust. By proving to your customers that you take the security of their personal data seriously and are implementing the correct processes to reduce cyber risks, your business can retain current customers and attract new ones.
- If you currently supply – or would like to supply in the future – larger organisations that have extensive cyber security in place, the independent verification provided by the Cyber Essentials certification demonstrates that you will not place them in a compromised position with their customers’ data.
- The Cyber Essentials certification can also reduce your insurance premiums. According to a 2015 government report, the majority of insurers believed Cyber Essentials provides “a valuable signal of reduced risk when underwriting cyber insurance for SMEs”. Additionally, a number of insurers have “agreed to build reference to the Cyber Essentials standard into their cyber insurance applications, and will look to simplify the application where accreditation has been achieved by the applicant.”
- Last but not least, if you are thinking of applying for any government contracts, you will need a Cyber Essentials certification. The UK Government now requires “suppliers of most contracts and services to hold a Cyber Essentials certificate.”
The Cyber Essentials scheme covers 5 main areas critical to cyber security:
- Secure configuration: security measures that should be implemented when building and installing computers and network devices to reduce cyber vulnerability.
- Firewalls and gateways: a basic level of protection put in place for when a user connects to the Internet. A firewall can prevent attackers and external threats getting access to your system. By monitoring all network traffic, a firewall can identify any unwanted traffic that could be harmful to your computer, systems and networks and block it.
- Access control and administrative privilege management: ensuring the protection of user accounts and preventing misuse of privileged accounts.
- Patch management: keeping software on computers and network devices up to date and capable of resisting low-level cyber attacks.
- Malware protection: protection against a broad range of malware and providing options for virus removal to protect your computer, your privacy and your important documents from attack.
Whilst comprehensive, the process to achieve the Cyber Essentials badges is fairly straightforward. In fact, for the basic Cyber Essentials certification most of the work is done internally: you need to complete a self-assessment questionnaire, which is then signed off by a senior company representative and verified by an external certification body. Your Cyber Essentials certification also provides the added protection and assurance of an external vulnerability scan.
For the Cyber Essentials Plus badge you will need to do the same, but it provides a more advanced level of assurance. In addition to the requirements stated for Cyber Essentials, organisations applying for CE Plus benefit from an additional internal assessment and internal scan, conducted on-site by the certification body. On average it will take 2-4 weeks to complete the Cyber Essentials process and receive your certificate.
Qlic achieved their Cyber Essentials certification in January and we are proud to be able to demonstrate our commitment to cyber security and protecting our clients’ data. Having been through the process ourselves, we are very aware of what is required to complete the certification and are in a position to guide you through each step. If you would like to get your business certified, get in touch with us today on 020 8269 6878 or [email protected]. If you would like to find out more about the Cyber Essentials scheme or cyber security in general, head over to www.qlicnfp.com/managed-it-services/cyber-security/