A government report (National Cyber Security Centre [NCSC]) published in the last 12 months highlighted a plethora of cyber risks that businesses are exposed to. Specifically, according to HISCOX in the UK, one small business is hacked successfully every 19 seconds. In addition, 88% of UK companies have suffered a breach in the last 12 months. Added to this, of the 5.6m SMEs in the UK, about one third have been victims of a cyber-attack. This cost on average £25,700 in clear-up costs in a year.
To protect your business from hackers, it is critical to have a cyber security strategy in place to prevent, detect or mitigate these attacks. A government-backed scheme, Cyber Essentials, offers this protection.
In this post we’ll define a key approach to putting a strategy in place and give some reasons why this is imperative to help you protect your business. Finally, we’ll share 6 best practices for getting it in place in your business.
What is Cyber Essentials and why does it matter for your business?
Cyber Essentials is a government-backed scheme to help protect your business from the most common cyber attacks.
Cyber attacks are like a thief trying your front door to see if it’s unlocked.
The scheme consists of two levels of certification:
Cyber Essentials is the self-assessment option and gives protection against a wide variety of the most common cyber attacks. It will protect you from both simple attacks and more in-depth unwanted attention from cyber criminals and others.
Cyber Essentials Plus has an additional hands-on technical verification carried out.
Why Cyber Essentials?
Whichever level you opt for, having a Cyber Security Strategy in place matters for your customer.
Reasons to consider Cyber Essentials
- It reassures customers that you are working to safeguard information they share with you against cyber attack. Forty-four percent of UK consumers say they will stop spending with a business temporarily after a security breach. 41% claim they will never return to a business post-breach.
- It attracts new business with the promise that you have cyber security measures in place.
- If your business is looking to engage or already engages with some Government contracts, Cyber Essentials certification is a requirement.
- If you are a charity and rely on income from funding bodies, Cyber Essentials certification will give confidence that your processes are robust.
- It demonstrates that you have a clear picture of your organisation’s cyber security level.
For you and your business, Cyber Essentials certification holds two benefits. It gives you peace of mind that your defences will protect against the vast majority of common cyber attacks.
It also shows you how to address those basics and prevent the most common attacks.
How to enable your business to flourish and thrive with a cyber security strategy in place
Businesses of any size need to keep in mind the following 6 principles as they develop and put in place their cyber security strategy:
1. Secure your Internet connection
This is best done using a firewall which protects any device or other network in use.
One option is a personal firewall on your internet-connected laptop (this is often included as part of your operating system at no extra charge).
However, for a more complicated setup with many different types of devices, a boundary firewall might be needed. This is a dedicated firewall which places a protective buffer around your network as a whole.
2. Use secure settings for your devices and software
Once any hardware or software is configured, make changes that will ensure that the security is as high as possible.
For example, disable or remove any functions, accounts or services which you do not require.
3. Control who has access to your data and services
To reduce the possibility of an account being misused or stolen, or of an attacker infecting your devices, make sure that users of any system only have access to the software they need to perform their intended role.
The same goes for any settings within the software. Admin permissions should only be given to those who need them.
4. Protect yourself from viruses and other malware
Without protection from antivirus software, and without preventing staff from downloading apps from unknown sources, you are laying yourself open to harm caused by viruses, often referred to as malware.
5. Keep your devices and software up to date
It is critically important to keep all phones, tablets, laptops and computers up to date at all times. This is true for both operating systems and installed apps or software.
Manufacturers and developers release updates regularly that not only add new features, but also fix any security vulnerabilities that have been discovered.
6. Review and refine
The tactics used by cyber criminals are constantly evolving, so businesses need to audit their strategy. Completing this on at least an annual basis will ensure that all safeguards are still current and robust. The Cyber Essentials scheme includes this annual auditing process.
Businesses gain Cyber Essentials certification either by completing the self-assessment process or by seeking help from a licensed Certification Body. The latter approach gives you expert consulting services to guide and help you achieve your certification.
Tips and Reminders
#1 A UK business is successfully hacked every 19 seconds at an average cost of £27,500 per incident, just in clean-up costs.
#2 Other costs to business are loss of business from existing businesses and negative impact on your brand’s reputation.
#3 Cyber Essentials and Cyber Essentials Plus are the two levels of a simple government-backed scheme that can help to protect your business from the most common cyber-attacks.
#4 The certification can be managed in-house or outsourced to an expert certification body.
#5 Certification involves assessment of principles 1-5 identified above, referred to as the 5 key controls.
#6 Annual Certification ensures that your strategy remains robust.
#7 Businesses can achieve certification by either completing a self-assessment or seeking advice from a licensed Certification Body expert.
Adopting a cyber security strategy using the principles of the government’s Cyber Essentials scheme outlined above is therefore important.
These principles, or key controls, will help you define and refine your cyber security strategy to protect your business from attack. They also demonstrate a customer-first approach to customers and prospects alike.
Following the steps, tips and reminders above will provide peace of mind to your customers and prospects that their data is safe with your business.
In addition, it will give you inner calm that your assets are safe from the vast array of simple threats that try to disrupt your business.
To find out more about how The GDPR Compliance Consultancy can help you achieve this certification that many businesses are now demanding along with the peace of mind you are looking for.
Tell us what you think
- What have been your experiences of safeguarding against cyber attacks?
- What are your top tips for guarding against this type of attack?
Call us today on 03333 22 1011 or book your free consultation here.