How secure is your business’s cybersecurity? Do you take adequate care of customer and client data as well as your own? Even if you’re confident in your systems and protocols, it can sometimes be difficult to demonstrate. It’s important that your business has the right controls and also the credentials to back them up.
What is Cyber Essentials?
Enter the UK Government-backed Cyber Essentials initiative. The scheme was designed to provide guidance to businesses of all sizes on how to protect themselves from cyber threats and implement essential cybersecurity controls. Cyber Essentials is also an assurance scheme which allows businesses to obtain independently verified self-certification for their cybersecurity.
Achieving Cyber Essentials can help your business in two ways: by putting the measures in place to protect yourself and your clients, and by giving you the certification to substantiate this in the eyes of others.
ITGUY takes GDPR very seriously and we attained Cyber Essentials Plus certification in April 2017. We can help your organisation demonstrate compliance from an IT perspective and provide guidance with all parts of the GDPR process. Simply give us a call or fill out our contact form to learn more.
Cyber Disaster Recovery
Most businesses will have a disaster recovery plan in place to cover any unforeseen eventualities, which should enable them to make a swift recovery. Your disaster recovery plan might cover obvious potential disasters such as theft, fire or flood, but does it tackle cybersecurity? In 2018, a cyber-attack is likely a more realistic risk than a fire or flood. If you want to protect the future of your business, ignoring cybersecurity and what you would do in the event of a major problem isn’t an option anymore.
Cyber Essentials is a useful mechanism which enables you to demonstrate to your customers, investors and insurers that you take the risk of cyber-crime very seriously.
What are the Risks?
Without sufficient cyber-protection, your business is in a vulnerable position and is exposed to certain risks which could have long-term effects, some of them catastrophic. The three major ones which come to mind are:
- Data loss – losing data (through accident as well as theft) directly harms your business, both financially and in terms of time. A loss of data could result in fines and compensation, and could mean many hours of additional work for your team.
- Reputation – a major cybersecurity incident in your business will potentially send customers elsewhere. Even messing up once is enough to tip some businesses over the edge. Your customers need to be able to trust you with their information.
- Insurance – early adopters of the Cyber Essentials scheme have already been offered preferential rates by business insurers. For those who haven’t joined the scheme, remember that a future cyber disaster could also have a negative effect on your insurance status.
Where Do Cyber Risks Come From?
Who or what are the most common threats to your cyber safety? While many businesses consider themselves a low risk to cyber-attack, threats can come from a range of sources.
The most common threats are criminals, who will sell data (usually your customers’!) for monetary gain, fraud or extortion. Hackers may attack your system simply because they can, even as a form of entertainment. Yes, believe it or not, that’s a genuine hobby for some people, and that’s aside from activist hackers who will launch cyber-attacks for political reasons.
Your systems could also come under threat from inside your business, from your own employees who will have legitimate access. They could leak or lose data accidentally or, more worryingly, through malicious intent. There’s even the possibility that your competitors could try to sabotage your business, in the form of industrial espionage.
Cyber Essentials and GDPR
With the deadline for General Data Protection Regulation (GDPR) looming this May, it’s possible that many businesses will feel the effects, or even have to pay penalties for failing to comply. What does GDPR have to do with Cyber Essentials though? Well, GDPR is different to Cyber Essentials, but Cyber Essentials can provide the necessary mechanisms and certification to demonstrate that you are able to adequately protect the data your company handles. We have
As well as being able to demonstrate your data security, Cyber Essentials certification will also mean your business can bid for UK Government contracts. The certification is now a must-have for any business wanting to work with the government, as it proves that your company is able to handle personal and sensitive information in a safe manner.
Cyber Essentials may not be high on your business agenda right now, but when you think of the new business opportunities, and additional help towards GDPR it offers, it certainly starts to look like a better idea.
At the moment, you can’t be “GDPR certified” as the Information Commissioner’s Office has not created this qualification yet. But because of what the regulation will require, it’s important to understand what is involved and what your business needs to do before the deadline hits. Achieving Cyber Essentials is a relatively straightforward process and your business can use the certification to demonstrate that it’s taking the forthcoming GDPR initiative seriously.
Contact ITGUY London
If you’re considering Cyber Essentials certification for your business, you can opt for either Cyber Essentials or Cyber Essentials Plus. The Plus version includes all of the assessments for Cyber Essentials but also adds an extra internal scan and an on-site assessment.
As experts in IT support, we can provide you with the right advice and assistance to obtain Cyber Essentials certification and also provide advice on GDPR and what your business needs to do.
Please feel free to give us a call on 020 72 41 22 55, or fill out our contact form, and we’ll quickly get back to you.