Protect your business with Cyber Essentials.
18th April 2023 | Modified: 19th April 2023Categories: Security
“A UK government-backed certification”
Humankind has always secured important documents and things of value, away in a lockable space. The Romans used keys and even invented padlocks to store their valuables securely, as far back as 500 BC. Fast forward to the last 50+ years; we’ve locked important information away in filing cabinets, into an office wall safe, or even left it with the bank for safekeeping.
The digital age
Today in the digital age, we store information electronically. Why? Because information is power; it can be our competitive advantage over other businesses. Our supplier list of who provides us with what, and when; it might be customer information, entrusted to us through a sales transaction and numerous other details, all particular to our business.
Throughout the centuries, we have always had to deal with someone or something trying to break in and steal things. And it’s no different today. Crooks just go by a different name; they are called cyber criminals, who think it’s a lot of fun to hack into your network to steal information, hold your business to ransom, or just simply disrupt your business.
Protect 24/7
So, what can you do to reduce your chances of being hacked?
There’s actually quite a bit you can do to protect your business. No matter the size or the sector you work in, the best thing to do to protect your company from such criminal activity is to review your IT security protocols to ensure you’re thoroughly protected.
“The sad news is that being hacked is no longer the exception, but is fast becoming the rule”.
Introducing Cyber Essentials
There are two types of certification levels. Cyber Essentials and Cyber Essentials Plus.
Cyber Essentials is a UK government-backed certification to help you review all of your business IT infrastructure and cyber security practices. That could protect your company against 80% of the most common cyber-attacks known today. The beauty of Cyber Essentials is that it is a self-assessment tool that provides business management and employees with a focus on understanding their roles and responsibilities towards preventing cyber attacks.
The five controls
To gain the certification, there are five essential technical controls your company needs to fulfil.
- Use the most secure settings on any business device or software application.
- Make sure your IT is not only up to date but also securely protected from viruses and malware
- Protect your internet connection with a secure firewall.
- Control who has access to your business data, services and IT infrastructure.
- Actively keep all of your devices and any software with the latest manufacturer updates
Going further than ever before
The certificate goes much further than looking at cyber security. Sometimes cyber attacks are more than a technical assault on your network, they can be human-based. Cyber Essentials will help you to identify any employees who may benefit from additional cyber security training, to stop them from being duped by cyber criminals.
With GDPR (General Data Protection Regulation) law having come into effect back in May 2018, having the Cyber Essentials accreditation criteria, sends a strong message to your customers, suppliers and partners that you are demonstrating your commitment to cyber security, and that you are actively mitigating cyber threats.
Reputational damage
Cyber attacks can not only stop your business and employees working, so that’s a dead-time disruption cost right there, (picture 5 or 50 or 500 staff all doing nothing!) more importantly, being hacked can also damage your business reputation in the eyes of your customers, who won’t be best pleased to know that your company has potentially leaked information about them or put them at risk logistically.
Most interestingly, cyber criminals often aim for targets that don’t have the Cyber Essentials controls in place, so it’s certainly extremely useful in having this certification, as it gives you the peace of mind that your defences will protect against the great majority of typical cyber-attacks.
“Having Cyber Essentials is more like a responsibility than a non-essential item”.
Get ahead in business
In light of the many cyber attacks reported in the news, many supply chains and tenders (UK Government departments and reputable companies within the private sector) now require proof of certification, as a condition of tendering for the contract. Companies are now looking up and downstream, at their potential partners, in a bid to stop being hacked.
When you have gained Cyber Essentials, if your business is domiciled in the UK, and has a turnover of less than £20 million, you get free cyber liability insurance.
Once your organisation is accredited, much like Cyber Essentials, you will receive a certificate for Cyber Essentials Plus that is valid for 12 months from the date of accreditation. You will be able to promote your company’s compliance, by placing your its name on the list of Cyber Essentials Certified companies; it’s an open list for anyone to check to see if your company is certified.
Go further, get Plus
As part of the process of obtaining Cyber Essentials Plus, external evaluators will do an onsite and a remote assessment of your business systems. The purpose of the evaluation is essential to confirm that you have all technical controls declared in your Cyber Essentials assessment, present within your organisation’s network.
This will include:
- An internal and external scan for patches and network configurations.
- A check to see if anti-malware and other security systems are fit for purpose against potential malicious cyber enemies etc.
Cyber Essentials Plus must be taken within three months of obtaining Cyber Essentials. If you take the test outside of the three months, you will have to start the process all over again.
Conclusion
With 4 out of every 10 businesses, and 25% of charities having reported a cyber security breach in 2021 (Gov.UK), investing in your cyber security makes good business sense.
If you would like CNC to help you through the process of obtaining Cyber Essentials and/or Cyber Essentials Plus then please call us on 01273 384100 for further details or email sales@cnc-ltd.co.uk.
CNC – helping you to keep your company cyber-safe.
