UK
US
NL
DE
FRCyber Essentials, Essential?
By Mark Smith , Director of IT & Infrastructure SoloProtect,
15 May 2017
Cyber attacks can be costly; a survey last year revealed that cyber security incidents cost UK firms £34.1bn in the past 12 months, with under half of those attacked having suitable enough defences.
It wasn’t too long ago that term cyber security would elicit a lot of head scratching and people asking ‘why?’. Today, the need for cyber security is much more obvious, an explosion of cyber-attacks has caused increasing damage to companies, governments and individuals. None more relevant than last weekend’s attack, where the NHS in the UK, and several other large companies across the globe were hit by a large-scale ransomware attack.
Cyber attacks can be costly; a survey last year revealed that cyber security incidents cost UK firms £34.1bn in the past 12 months, with under half of those attacked having suitable enough defences.
Personally, I believe this cost only tells half the story, and a far more serious consequence of a cyber-attack is a data breach. If you’re responsible for any kind of data, it’s your duty to ensure that this information is secure; this duty becomes even more important if you’re responsible for sensitive data. Loss of data can severely affect an individual whose data has been leaked; private and sensitive information could become public, there’s a risk of identity theft and fraud, and the financial implications can be catastrophic. As well as this, and the financial repercussions to your company, the reputational and brand damage a data breach can have on a business can be irreparable.
With this in mind, the government is to renew its push on Cyber Essentials Accreditation for businesses, in advance of the Cyber Security Skills Strategy which will be published later in the year.
Earlier in 2017, Matt Hancock, Minister for Digital and Culture, said the government will be encouraging all businesses to take up the Cyber Essentials scheme.
‘I mentioned the Government already requires many of its suppliers to hold a Cyber Essentials certificate. We’ll be strengthening this requirement to ensure even more of our contractors take up the scheme.’
Having been through the Cyber Essentials Accreditation as early as last October at SoloProtect, we’re well aware of the benefits to both ourselves and our clients. Through holding the Cyber Essentials Accreditation we’ve demonstrated that we have implemented these five essential controls to ensure we’re secure:
Secure Configuration
This means our computers and network devices are configured properly and we identify and remove any systems or databases that we no longer need or use.
Boundary Firewalls and Internet Gateways
By using boundary firewalls to monitor traffic to our servers, we better understand and manage our bandwidth requirements and continue to block attackers and external threats.
Access Control and Administrative Privilege Management
We keep on top of access control and administrative privileges to ensure we are only installing safe software on to their computers. Patch management Keeping on top of software patching and licencing makes us more secure. We ensure all patches are tested and installed within 14 days of their release, often sooner.
Malware Protection
We have the appropriate malware protection to safeguard our network from viruses.
I believe that by following these steps, and by gaining the Cyber Essentials Accreditation, we have enhanced our business reputation and proved to our customers that we take the security of their data extremely seriously, and are taking all the necessary steps to ensure it stays safe.
