For the 3rd successive year we have recertified to Cyber Essentials and IASME…. And in the same week we assisted two other companies achieve their Cyber Essentials Certifications. Just what is Cyber Essentials?
For readers of our blogs, many know that we are passionate about the value that this scheme to deliver to organisations regardless of size and sector. And we’re not alone in realising this, as the growing number of organisations who have certified demonstrates.
By certifying, some companies can experience an 80% reduction in their risk of suffering a cyber breach.
The History of Cyber Essentials
Way back in 2013 the UK Government recognised that despite having issued ’10 Steps to Cyber Security’ a few years earlier, organisations were continuing to experience security breaches.
In conjunction with industry, analysis was undertaken to understand the root causes of those breaches and from this, the Cyber Essentials scheme was born. It focuses on 5 key areas :
- Boundary Firewalls and Internet Gateways
- Secure Configuration
- Access Control
- Malware Protection
- Patch Management
How does Cyber Essentials help my business?
The scheme is a self assessment which is reviewed by a certification body – a copy of the questions is available here. By certifying, some companies can experience an 80% reduction in their risk of suffering a cyber breach.
Still not convinced ? Elizabeth Denham (UK Information Commissioner) recognised the value that Cyber Essentials can deliver in protecting data and the relevance of preparing for the GDPR when she delivered a speech in January 2017 saying :
The ICO has already produced guidance for SMEs on IT security and I would also recommend consideration of the government’s cyber essentials scheme to assist in identifying the actions you need to take. You can expect to see more guidance on this in the context of GDPR.
3 months later, Matt Hancock reiterated the advice on Cyber Essentials when speaking to the Institute of Directors said that
‘if you’re not concentrating on cyber, you are courting chaos and catering to criminals’
…and went on to say that :
.. For getting the basics right, we created the Cyber Essentials scheme. GCHQ analysis shows the vast majority of cyber attacks exploit basic, known vulnerabilities, like passwords and admin access policies. Cyber Essentials shows you how to address those vulnerabilities. It’s simple, low cost and specifically designed for SMEs. All firms which rely on the internet should have Cyber Essentials – as a minimum.
Why is Cyber Essentials Important?
The Government thinks this is so important we now require all our suppliers which handle sensitive data to hold a Cyber Essentials certificate.
Importantly, it’s affordable. The certification costs just £300 and, if you certify using an IASME company, comes with free insurance as well. For charities, there is a discounted scheme which runs for a short period of time in September 2017, reducing the certification fee to £225.
So instead of the question being why would you certify to Cyber Essentials, perhaps the more appropriate question is why wouldn’t you ?
After all, you wouldn’t buy a holiday from a company that wasn’t ABTA/ATOL registered, or ask someone to install a gas appliance without being CORGI registered, so why would you buy goods or services from a company that wasn’t Cyber Essentials certified ? Turn the risk of a breach into a real opportunity and certify to differentiate your organisation from others in your industry.
How can I get help with Cyber Essentials?
So how can we help ? If you’ve read the questions and don’t know your patches from a strong passwords, or your firewall from your router, then don’t worry, help is at hand. We pride ourselves on guiding organisations through the certification process and making it (in the words of one of our Clients) a painless process !
Give us a call on 01926 800710 or email us at info@riskevolves.com and we’d be delighted to help.