As a small business committed to working within the Public Sector, adding Cyber Essentials to our trophy cabinet of accreditations was a no-brainer. Whilst Cyber Essentials is only mandatory for working with MOD, the government-backed scheme is a public demonstration of our commitment to security and information governance. In the private sector, however, even two years on, it is still relatively unknown – so if you are not familiar with the standard, here’s a bit of background.
In the beginning there were 10 steps…
In 2012, HM Government launched the 10 Steps to Cyber Security guide to encourage organisations to consider their cyber security measures and to ascertain whether they were managing their cyber risks sufficiently. The guide was extremely well received. Business leaders were encouraged to take ownership of their cyber risks and to build them into their overall corporate risk management regime.
As the old adage states, “you are only as strong as your weakest link”, and this is never more relevant than in the world of cyber security. There are numerous examples of vulnerabilities in third-party links being exploited for far more sinister purposes. Most notably, in 2013 the US retailer Target was hit by one of the biggest data breaches in the industry’s history. The breach was determined to have been instigated through their connection to their HVAC contractor, highlighting the fact that all businesses, whatever their area of specialism, need to take cyber security very seriously!
So, through their remit to tackle cybercrime and a desire to make the UK one of the most secure places in the world to do business in cyberspace, it became clear to HM Government that, whilst the 10 Steps were a good start, more work was required. In 2014, after working in conjunction with the industry to create an effective standard for cyber security, Cyber Essentials was launched.
The remit of Cyber Essentials
The Cyber Essentials scheme is the cyber security standard which organisations can be assessed and certified against. It identifies the security controls that must be in place within their IT systems in order to have confidence that they are addressing cyber security effectively and mitigating the risk from Internet-based threats.
The rationale was that it would enable organisations, and their customers and partners, to have greater confidence in their ability to measure and reduce basic cyber risks, as they would be independently assessed, where necessary. With the ever-improving skill of cyber criminals, the potential for a “security risk” to develop into a “security issue” is a concerning reality for business owners, and one which Cyber Essentials can go some way to alleviating.
The Cyber Essentials scheme identifies some fundamental technical security controls that an organisation needs to have in place to help defend against Internet-borne threats. By deploying these controls, they can defend against the most common forms of basic cyber-attacks originating from the Internet.
The scheme focuses on the following five essential mitigation strategies:
- Boundary Firewalls and Internet Gateways
- Secure Configuration
- Access Control
- Malware Protection
- Patch Management
Safe. Secure. Simple.
Through our Cyber Essentials certification we hope to demonstrate our commitment to cyber security and working with both public and private sectors. Security is always an important consideration, and a critical success factor in relation to building bespoke software. Whilst we have always had the checks and balances in place to ensure our business and our customers are protected, the validation of Cyber Essentials as a recognised accreditation is something we are proud to add to our armoury.
If you would like to know a bit more about how we work, the secure services we provide and how we could help your business, get in touch. A chat with one of our consultants can be really helpful whatever stage you are at.