Cyber Essentials is a certification scheme available to all UK businesses. Run jointly by the National Cyber Security Centre (NCSC) and the UK government, it tests your IT systems and devices for data security. It’s a great way to show your customers and partners that you run your business according to information security best practice.
Cyber Essentials certification only takes a few days and you can do it yourself by completing a questionnaire, which asks you about your cyber security protocols and how you protect your systems from internet attacks.
A certification body will verify your answers and award you a certificate. There is a cost of £400+VAT, and it’s suggested that you recertify every 12 months. You may decide to go for Cyber Essentials Plus certification instead, which does the same checks but uses an independent assessor, who will attempt to hack and test your systems.
It is advisable that any organisation handling data, particularly confidential client information, has Cyber Essentials certification. Here are five reasons why you should consider it for your own business.
You are legally required to protect the data you hold within your organisation, particularly if it belongs to clients, whether these are existing or previous customers. The introduction of the General Data Protection Regulation (GDPR) in May 2018 means that you must have solutions in place to protect that data, and be able to demonstrate these.
Furthermore, you need to be able to show why you have this information, limit it to what is relevant to your business, and get rid of it when it’s no longer relevant. You must also be able to delete data that you hold on somebody if they request it, and you have a short window in which to do so.
The government has a range of legislation that businesses need to adhere to, depending on what they do and the kind of information they gather. Cyber Essentials allows you to comply with it.
Having Cyber Essentials certification demonstrates to your customers, suppliers and other partners that you take data security seriously and you’re proactively adhering to GDPR legislation.
Because Cyber Essentials is accredited by the government and used nationally, it’s a quick way to show prospects that you’ve done your due diligence and are putting systems in place to protect information. This gives them more confidence that they can trust you and encourages them to work with you.
Increases in Cyber Attacks
Cyber attacks are on the increase, and it’s no longer only small businesses that are being targeted. Companies can have their systems wiped or find themselves locked out, have viruses installed or personal information collected. Without a robust security solution in place, your data is vulnerable to criminals.
Sometimes the hackers will demand payment before restoring your information, which is known as ransomware. Malware, which includes things such as viruses, means anything maliciously installed on a computer that can destroy something or steal data.
It’s easy to think that because you’re using passwords your data is secure, but that’s not always the case. Unfortunately, there’s as much risk from human error as there is from outside attacks, as staff often use their personal devices to access work systems, or take their equipment offsite.
Your staff may not be as aware of cybersecurity as they should be, and with things changing all the time, it’s hard to keep them up to date. They can also be fooled by ‘man in the middle’ attacks, where somebody impersonates the endpoints of an online information exchange to collect data (for example, pretending to be your bank to you, or you to your bank, to collect sensitive information).
Additionally, your supply chain may be vulnerable, as it is only as strong as the weakest member in the chain. Whichever organisation is the weakest can be identified by an advanced persistent threat (APT) and attacked, so it’s important to ensure that this isn’t you.
Proactively Resolve Vulnerabilities
With staff able to access work information and the internet from a range of devices, the frequent introduction of new technologies and increasing use of cloud storage and backup, businesses are more at risk than ever from cyber attacks.
Rather than waiting until you’re attacked, getting Cyber Essentials certification means that any weaknesses are identified and resolved. Answering the questionnaire allows you to assess your existing security systems, data backup and continuity processes, and gives you the opportunity to find ways to improve these before the worst happens.
If you’d like to know more about how Cyber Essentials can help your business, download our free Cyber Essentials: Small Business Guide.