The Cyber Security Breaches Survey 2016, commissioned by HM Government, has identified that smaller businesses are leaving themselves open to cyber attacks, believing that cyber crime is only a problem for ‘big business’. But even very small companies hold data relating to their customers, from email addresses to financial data, any of which could be a valuable commodity to cyber criminals.
So what action can they take in the fight against cyber crime?
There are a whole host of choices that companies can make when thinking about how best to secure their company against cyber attacks. There are lots of different frameworks and products offering cyber protection on the market, but how do you know which one is right for your business? Many offer different levels of security along with differing levels of complexity and hoop jumping to meet the standard, or acceptance criteria, which makes it difficult to decide which option is best. However, the government-backed Cyber Essentials is a cyber security certification scheme that sets out a number of requirements designed to ensure your organisation is protected from the most common cyber security attacks.
The UK government launched the Cyber Essentials scheme to provide companies with a recognised cyber security certification, allowing the accredited business to advertise this fact and demonstrate to their customers that they take cyber security seriously. To gain accreditation, companies carry out a self-assessment which is then independently verified.
Cyber Essentials is backed by many major businesses, including BAE Systems, Barclays, and Hewlett Packard. The Information Commissioner has stated that she “supports the Cyber Essentials Scheme and encourages all businesses to be assessed against it”. Indeed, anyone bidding for a new Government contract must have Cyber Essentials certification. Although it cannot make you invulnerable to attacks, it is a very good indication of how seriously your company approaches its cyber security.
The scheme provides five fundamental security controls that an organisation needs to have in place to defend itself against the more common internet cyber-attacks. They are:
- Boundary firewalls and internet gateways – designed to prevent unauthorised access to or from private networks
- Secure configuration – ensuring that all systems are configured in the most secure way for the needs of the organisation
- Access control – to ensure only those who should have access can have access and at the appropriate level
- Malware protection – making sure that virus and malware protection is installed and up-to-date
- Patch management – ensuring the latest supported version of applications is used and all the necessary patches have been applied
So why aren’t more businesses signed up to the Cyber Essentials scheme?
Well, perhaps the scheme is not widely known, or businesses are put off from tackling this problem because it’s typically seen as a complex and time-consuming procedure that will interfere with business-as-usual activities. Seeking the help of an IT professional who specialises in cyber security can ease you through the process, help you understand where your vulnerabilities lie, and put in place policies and procedures to ensure you remain secure. Our information security team regularly work with customers big and small to help them select the right level of security, and in the case of Cyber Essentials, we can also audit and accredit your company to the standard. Our technology specialists can also advise on and implement any infrastructure recommendations to help keep your systems and data secure.
The UK government launched its Cyber Streetwise campaign with the aim of changing how businesses view cyber security and encouraging them to stay safe online. It addresses misconceptions about online safety, including the belief that only big business is at risk. The message is clear – we are all at risk and potential targets. Although businesses are now more aware of the threats out there (cyber security breaches are too regularly front-page news), the government report highlights the gap between awareness and action. Many simply still do not understand what impact a breach will have on their business and what they should do about it. With cyber attacks increasing dramatically year on year, and attacks becoming more and more sophisticated, no business can afford to be complacent about security.