The sophistication and number of cyber-attacks are increasing significantly. According to the UK Government, 48 per cent of businesses in the country identified at least one breach or attack per month in the 12 months to July 2019. Organisations need to manage these growing risks in more advanced ways if they’re to remain effective.
It’s crucial that an organisation has confidence in its own ability to reduce the risk posed by cyber-attacks. Equally, it’s vital for businesses to demonstrate their commitment to managing security risk to their customers and client base. That’s why the same Government survey found 78 per cent of businesses say cyber security is a high priority for their senior management.
So, how can organisations prove to their people and customers that their cyber security measures are up to the task?
The UK’s Cyber Essentials scheme helps organisations that are looking to improve their basic cyber security controls, offering an industry-recognised cyber security certification. There are three main reasons why the Cyber Essentials scheme is so popular – it’s accessible, recognisable and scalable.
The Cyber Essentials scheme is an affordable certification, making it accessible to all organisations. The UK Government created a simple path to certification that lets organisations assess their susceptibility to external attacks and is an excellent entry point into cyber security certification.
The scheme has two levels: Cyber Essentials and Cyber Essentials Plus. Both assessments focus on five key security controls: boundary firewalls, data control, device security, anti-malware measures and patch management.
Overseen by the National Cyber Security Centre (NCSC), Cyber Essentials is an accreditation that industry recognises. It also provides the basis to progress to further cyber security certifications, such as ISO 27001, and shows an organisation’s commitment to the security of its employees, customers and IT infrastructure.
The scalability of Cyber Essentials makes it available to small, medium and large organisations alike, scaling up or down to meet individual needs. It’s also possible to narrow the scope of the assessment to one location or team.
Cyber Essentials is more than just a name – the aspects of cyber security it covers really are essential for all organisations with any level of digital footprint. So, whether you have an office computer for keeping your accounts, or have digital at the core of national and international services, accreditation is a vital first step to proving your organisation is acting on cyber risk.
But it’s important not to stop there. Cyber threats are constantly evolving, and more robust security checks and plans are crucial. For example, we worked with Network Rail to assess how effective their cyber security processes and culture were. Cyber security is now at the core of their activities, with new systems planned and a well-informed workforce keeping the railways safe from cyber threats.
Whatever the scale of your organisation, start with the cyber security essentials and continue to review and improve. Only then will you be able to prove you’re managing cyber risk effectively and benefit from increased customer trust.