Cybersecurity is a daunting area for many businesses, with the added anxiety that if it’s not right, the consequences can range from inconvenient to devastating.
Businesses and organisations often ask us, “Where should we start with cybersecurity?” Our answer is always: start with Cyber Essentials certification.
While there may be many aspects of IT security that spring to mind when you think of ‘being secure’, such as antivirus, spam filtering and reliable backups, these, on their own, don’t take care of the security of your whole IT system.
What is Cyber Essentials certification?
Cyber Essentials is a government-backed, industry-supported and recognised scheme to help organisations of any size and type protect themselves against a whole range of common online threats.
Why do Cultrix recommend Cyber Essentials certification?
Because going through the self-assessment option really helps you to identify the weaknesses in your IT. It’s a good and effective way to audit everything relatively quickly so you know where you stand with your IT security and what needs to be done to make you secure.
By identifying the weaknesses, you can reduce risk
Cyber Essentials takes some time to achieve the first time around but it gives you the knowledge you need to improve your protection and get basic measures in place.
The basic measures are more important than you think
Without basic cybersecurity measures in place, you are vulnerable to more in-depth unwanted attention from cybercriminals. Not having the basic measures in place can be likened to not having your front door locked. Once a criminal knows you leave your door unlocked, they’ll come back time and time again.
It’s not just about peace of mind
If it were only about peace of mind, that would be enough for most business owners to click through to the Cyber Essentials readiness tool straight away. But it’s also important for the operational advantages you gain:
- You’ll have measures in place to ensure your business can continue in the event of an attack
- Your customers, partners, suppliers and employees can trust that you handle their data securely and with integrity
- You can gain commercial advantages by virtue of the fact you are Cyber Essentials certified, and can advertise this
- As a Cyber Essentials certified organisation, you can bid for many public sector tenders that you would otherwise be excluded from
Isn’t it time you addressed the basics?
There may be other areas of your business, such as the products and services you provide, that you consider to be crucial in terms of quality. You may be ISO accredited in other areas of your business. Yet your IT, the system you rely so heavily upon for your day-to-day as well as long-term operation and innovation, could be lacking.
What are my Cyber Essentials options?
Cyber Essentials self-certification
You can be ‘self-certified’ with the basic Cyber Essentials accreditation. This involves bringing your infrastructure up to the required standard and submitting a completed document to obtain certification.
Even as a basic start to IT security, Cyber Essentials self-certification is a highly effective way to review your systems and policies. It also renews annually, which enforces your regular review on an ongoing basis.
Cyber Essentials Plus
If your budget allows, we strongly recommend going the extra mile to have your completed self-certification document and infrastructure audited to verify it is all as stated. Many contracts now stipulate Cyber Essentials or Cyber Essentials Plus as a requirement, so which option is for you depends on your industry and the contracts you want to secure. For confidence in your systems, though, having everything double-checked and verified is the best option.
Where to start with Cyber Essentials and what are the costs?
Like any other business expense, you’ll want to know indicative pricing for what’s involved, and any required changes you’ll need to make to become Cyber Essentials self-certified or Cyber Essentials Plus certified. We can help.
We work with you to complete relevant documentation, create the required policies, implement any changes, and achieve the certification/s.
There are one-off and ongoing costs depending on the options you choose, plus a likely increase in your ongoing costs for relevant security software licensing and for any additional devices that need to be managed. With Cyber Essentials, any unmanaged/non-compliant devices are excluded from accessing your business data, which includes mobiles/tablets accessing email.
Is it worth it?
Antivirus alone is not going to protect you against the sophisticated cybercrime so prevalent in today’s online operating environment. Cyber Essentials is an excellent starting point for putting in place the protection you need to stay secure, as well as helping you to be aware of further measures to stay one step ahead.
We’re Cyber Essentials experts and can provide all the help and support you need.