Business Info - Issue 130 - page 16

businessinfomag.uk
Cyber Security
We often hear of large organisations
suffering security breaches, the likes of
Tesco and Yahoo, but cyber-criminals
don’t just target household names;
small businesses are equally at risk
and need to take cyber security just as
seriously as their biggest customers
and suppliers. But where to start?
For more and more organisations, the
answer is to become Cyber Essentials
certified. Launched by the Government
in June 2014, the Cyber Essentials
certification scheme aims to educate
organisations of all sizes in the basics
of cyber security and to provide a
mechanism for countering the most
common attacks.
The scheme doesn’t offer a silver
bullet against all cyber security risk –
additional measures will need to be
taken to protect against advanced,
targeted attacks – but it does provide
cost-effective basic cyber security,
and is a good way of demonstrating a
commitment to safeguard data held by
the company.
Developed in consultation with
insurance companies, the scheme is
backed by AIG, Marsh, Swiss Re, the
British Insurance Brokers’ Association
(BIBA) and the International
Underwriting Association. Some insurers
even offer preferential rates to certified
businesses when they take out cyber
insurance policies.
Since October 2014, Cyber Essentials
has been mandatory for suppliers
of Government contracts in which
sensitive and personal information
might be handled. Growing concern
about cyber attacks means that it could
soon become a criterion for winning
business in other sectors.
There are two levels of certification,
Cyber Essentials and Cyber Essentials
Plus. Cyber Essentials certification
focuses on five key controls: boundary
firewalls and internet gateways; secure
configuration; access control; malware
protection; and patch management.
Certification requires an organisation
to self-assess their implementation
of these controls. This is then verified
by an independent Certification Body
to assess whether the appropriate
standard has been met.
Cyber Essentials Plus provides a more
thorough assessment, with additional
external testing of an organisation’s
cyber security status, through
penetration testing, for example.
Prices for the foundation certification
start at around £300, though cost varies
depending on the certification body used.
Certification bodies can be contacted via
a Government-approved Accreditation
Body (e.g. QG Management Standards,
IASME, CREST, APMG, IRM Security).
On successful completion, certified
organisations can display a Cyber
Essentials or Cyber Essentials Plus badge.
Take the highway
The Cyber Highway online portal,
launched in September 2016, provides
companies with a cost-effective and
efficient route to Cyber Essentials
certification, with built-in guidance to
help businesses of any size or level of
IT capability through the certification
process. A spokesperson for Cyber
Essentials Direct Ltd, the company
behind the portal, said that it challenges
basic or conventional ‘tick-in-the-box’
self-auditing systems and ‘presents a
fresh and practical approach to Cyber
Essentials certification in line with the
latest Government standards’.
The spokesperson added: “The Cyber
Highway portal provides access to a
range of explanatory tools and has a
dedicated helpline. We also offer a range
of policy templates that companies
may purchase to help in the compliance
process. Based on our understanding that
many companies might require additional
technical security assistance to implement
some of the necessary controls for Cyber
Essentials certification, we have a team
of Accredited Cyber Essentials (ACE)
Practitioners, Trainers and Consultants
qualified to provide the optimum level of
remote or on-site support that businesses
might require to progress towards Cyber
Essentials certification.”
Covering the basics
The cost for businesses to become
certified and maintain certification
with The Cyber Highway starts at £300
per annum for companies with 1-10
employees, £600 for companies with 11-50
employees, £900 for companies with
51-250 employees, and so on.
One of the key features of the portal
is a Cyber Highway Dashboard, which
guides the user through each stage of the
journey to Cyber Essentials certification,
even providing an alert when it is time to
re-apply for certification.
Case studies
Business Info
spoke to two businesses
that have become Cyber Essentials
certified to find out why they did it and
what the process entailed.
Jigsaw CCS, a direct mailing and
creative hand fulfilment specialist based
in Binley, Coventry, was motivated to
get certified by media coverage on the
growing cyber security threat.
Operations director Lorna Harling
said: “Not a day seems to pass without
cyber-crime being in the news headlines.
We know that any business is at risk
regardless of size, so we want to do
everything possible to protect our clients
and ourselves. Our work with clients is
based on trust. We treat their businesses,
and the data we process, as highly
confidential. And we wanted to carry
out a health check to ensure our own
systems supported that, which is why we
decided to apply to the scheme.”
Jigsaw CCS worked with Risk Evolves,
a risk management and security company,
and with Zenzero, its IT provider, to help
prepare for the certification process.
Harling found the whole process quite
straightforward. “It was easy for us as
Zenzero had already helped us build a
robust infrastructure and we already
had good technical controls in place, so
we didn’t need to spend any money on
improving this,” she said.
The only cost for Jigsaw CCS was for
the certification itself, which Harling
thinks was an investment worth making.
“The cost of accreditation is outweighed
by the added peace of mind and
assurance we can offer our clients that
their data is safe with us. The whole
process from start to finish took less
than a month and the scheme has been
designed to be relevant, achievable
and affordable to even the smallest
company.”
She added: “We are now one of
Jigsaw
More businesses are
choosing to undergo Cyber
Essentials certification.
Tayla Ansell finds out why