We live and work in an age where cyber threats can come from anywhere in the world, at any time, in any guise.
While cyber security at its highest level can be complex, the core principles are simple. The UK’s Information Commissioner, Elizabeth Denham, summed it up when she said: “Don’t just shut the door. Lock it. Then check the locks. And be mindful about who you allow to have a key.”
Security incidents and data breaches can generally be attributed to a failure of people, processes and policy. As cyber security experts we welcomed the move in 2014, which saw government and industry work together to create Cyber Essentials. This is a simple but effective scheme that helps to protect organisations against the most common basic cyber attacks such as hacking, phishing, and password guessing.
All suppliers bidding for government contracts which involve handling of sensitive and personal information and provision of certain technical products and services must be compliant with Cyber Essentials controls. Many other public and private sector organisations are also making this requirement mandatory.
Recognising that not everyone has the bandwidth to develop a cyber security framework, Cyber Essentials is designed to be suitable for all types and sizes of organisations to address basic security issues.
It sets out five basic security controls: secure configuration, boundary firewalls and internet gateways, access control and admin privilege management, patch management, and malware protection. Certification involves a completed self-assessment questionnaire, with responses independently reviewed by an external certifying body. For those looking for a higher level of protection and compliance, the next stage is the Cyber Essentials Plus scheme. This covers the same requirements, but also involves an external certifying body using a range of tools and techniques to test an organisation’s systems.
For those thinking ‘oh great, another business cost’, the nominal cost of putting Cyber Essentials and Cyber Essentials Plus in place pales into insignificance when compared with the cost of a security breach.
You may not realise it, but being a victim of a low-level attack can mark you out to criminals as easy prey for a larger, more complex attack. Once you are on their radar, they will use every trick in the book to access your systems and data, with disastrous – possibly fatal – consequences for your organisation.
As cyber security experts – and holders of Cyber Essentials and Cyber Essentials Plus – we have helped clients in a wide range of sectors, including accountancy, law, logistics, aerospace and manufacturing, to successfully receive the seal of approval from external verifiers. That stamp is their peace of mind that they are better protected against cyber threats.
Our workshops and training sessions are designed to give clients as much or as little help as they need to put robust security controls in place that meet the demands of the scheme, and pass assessments first time.
In the world of cyber security, nothing stands still. We can never totally eradicate risk, but we can and should mitigate it.
Contact our team now to start your journey to improving your defences and demonstrating your commitment to cyber security.