You don’t need Cyber Essentials
The fact is that you don’t need Cyber Essentials. You can carry on as you are. But, and it is a BIG but, the world has changed. The threat of Cyber attack has increased and GDPR has arrived. These changes increase your responsibilities, in terms of the risk that something bad could happen to your organisation and in terms of increased accountability if it does.
The risks have increased…
The increasing risks are linked to the evolution of the threats. Cyber attacks are big business and it is organised crime. Take a look at Europol’s announcement in July 2017.
It only takes milliseconds for a criminal’s computer to get to your computer. Worse than that, there is plenty of evidence that there are government-level attacks going on. These people are very clever and have lots of money. And they aren’t aiming only at the big targets; they are looking for the soft underbelly – the small supplier to their target organisation that might have a smaller budget and weaker IT security. In other words, us.
…and the consequences have increased too
The consequences of a Cyber-attack have also increased because of increased sensitivity. Major breaches with companies like TalkTalk, Dixons Carphone, and Yahoo have had a lot of publicity and the companies have suffered significant damage to their reputation. That makes people more sensitive to the impact of an attack where their data could have been stolen. Your organisation may be much smaller than these well-known names, but you are closer to your customer and the impact of a security breach could be very damaging to you.
GDPR has also increased accountability. The prosecutions and big fines have not happened yet, but there is no doubt that we can all be held much more accountable in the event of a security breach.
Why Cyber Essentials?
The UK government is aiming to make the UK the safest place in the world for working online. This is one of the cornerstones of the government’s Digital Strategy.
One component of this strategy is Cyber Essentials, giving UK businesses the ability to put in place the essential controls for their IT security.
Achieving the Cyber Essentials certification shows your commitment to IT Security. It demonstrates to your customers and potential customers that you have the systems and procedures in place to protect your organisation and your data. You can use the Cyber Essentials logo on your website and other marketing materials and you will also be listed on the government’s Cyber Essentials web site. And, if you want to bid for government contracts you will need to be Cyber Essentials compliant.
Cyber Essentials is a self-assessment process. So, while you can take a do-it-yourself approach, many organisations need professional guidance to carry out a gap analysis to identify the areas of non-conformance. Most importantly, they need help to take the most appropriate remedial action to protect themselves without adding excessive friction to their business.
Riverbank will take you right through the process, from initial assessment to certification. After that, we can continue to work with you to monitor and manage your IT security and manage your annual renewal.
Contact Us for more information or call 01235 426 700
Alternatively, fill the form below.