Cybersecurity generally makes headline news when large corporates are attacked and data is leaked or services are interrupted. But all businesses today have some connection with technology and whether you are large or small, part of a team or a sole trader, you cannot afford to ignore the risks.
In simple terms good cybersecurity comes down to two things. Protecting your systems as far as is practically possible and then having a backup and recovery plan in place if this should fail.
The protection that you put in place should be appropriate to your business and be based on your industry, the data you hold, the level of regulation in your industry, the technology in use and many more factors.
And it’s much more than protecting your data; it’s also about showing your clients that you take IT security seriously and that is becoming increasingly important. One of our customers has recently been informed by one of their major clients that they need to be either ISO 27001 or Cyber Essentials certified to even consider continuing to work for them.
Essentially, and at the most basic level, you need to address your policy, procedure and protection in at least the following areas:
Of course there are many more things to consider and factor in to this. In all areas, but more so in relation to technology, security is all about risk mitigation—you will never actually achieve “secure”, you merely decrease your exposure. And the things highlighted above should be carried out as a matter of good practice.
The starting point for all this is to understand the business, the technology in use and the risks faced – we do this by carrying out a basic security audit. This should include your IT infrastructure, policies and procedures, access control for systems and data, internet connections and other related areas.
Once we have all this information we can identify risks – it isn’t too complicated but there equally isn’t a ‘one size fits all’ approach available. Businesses can easily waste money and move further from being secure due to a lack of knowledge around how to tackle cybersecurity pragmatically and practically. Depending on your available resources, competence and expertise we can offer help in many areas. You may be bombarded with stories of disaster or random offers of assistance but don’t panic.
Cyber Essentials is a Government-backed scheme to help organisations protect themselves against common cyber-attacks. Up to 80% of cyber-attacks could be prevented if organisations followed good practice. In essence, achieving a basic level of cyber protection is about systems and practices which are built in to your business and understood by your staff.
The scheme covers fundamental security controls that businesses should have in place to secure themselves against common security threats and reassure clients that they take cyber security seriously.
There are five technical controls covered by Cyber Essentials and they are:
Cyber Essentials certification can be achieved through self-certification if the five technical controls are in place and managed correctly. There are usually a number of areas to be addressed before certification can be attempted.
We are able to take an objective look at your systems and processes and compare them to the controls in the Cyber Essentials scheme to understand the risks you are facing and the measures you can take to reduce these risks.
So, where should you start? Our experience is that a business should carry out a thorough gap analysis to understand how far away it is from best practice in line with the Cyber Essentials scheme. An objective, independent review of your business will identify, prioritise and then offer guidance on how best to deal with the key gaps and risks that you will need to address.
Our Cyber Essentials Gap Analysis and Report presents you with a clear picture of the areas in your business that need attention; you can then make an informed decision as to whether you will do it yourself, get a little help or get a lot of help!
It is important to get this right as any follow up and remedial work will probably involve time and investment. If your focus is wrong then this will be wasted and you might not end up much nearer your goal.
Whatever stage you are at (or whatever cybersecurity issues you are facing) we can help you through fairly priced, effective and pragmatic consultancy. Cybersecurity is long term commitment and cannot be ignored. It’s a combination of technology and operational practices.
I you would like to understand how we can help with any aspect of Cybersecurity then please have a look at our Cybersecurity services (including Cyber Essentials) for more information or fill in the form below and send us a few details. We’ll get back to you shortly.
For any questions or enquiries please feel free to get in touch at any time. Providing a good service is about being available and flexible.
Or send us a message below…