There seems to be a never-ending stream of statistics about data security and ransomware these days. Everybody wants to raise your awareness of cyber security (don’t worry, we’re not going to throw any more stats at you). We’re assuming that by now you’re aware that it is an issue.
However, there is a big difference between awareness of a problem and actually doing something about it. If your business is something other than IT, the idea of sorting out cyber security probably makes you want to bury your head in the sand. So, it gets put on the back burner. And there it stays.
Cyber security isn’t fun or sexy and it’s not going to directly lead to any more revenue.
Or will it?
More and more businesses are inquiring about cyber security, and here are three key reasons why:
- Due to the increasing number of cyber-attacks, clients are asking more of their partners and service providers who hold or process confidential or personal information for them.
- The UK government has confirmed that the EU General Data Protection Regulation (GDPR) will apply as of May 2018, regardless of the decision to leave the EU. Although the current UK Data Protection Act is similar to the GDPR, there are additional requirements and increased penalties, enforced by the ICO, for organisations not adhering to good governance practices. Responsibility lies with both the client and the provider. Businesses are starting to take notice because ignoring it will affect their ability to trade in Europe.
- Organisations that work with government departments handling sensitive and personal information must be certified to a certain standard that ensures they protect themselves against cyber-attacks.
Fortunately, there is a UK government-backed scheme designed to help businesses figure out how to approach cyber security. There are two levels to consider, based on the goals of the business. The first is a templated self-certification process called Cyber Essentials. The second is Cyber Essentials Plus, which goes one step further to include an independent audit of your Cyber Essentials certification.
Regardless of the level chosen, there are a few key benefits of the scheme.
- It provides a way for you to demonstrate to your clients that you have reviewed your security measures and that they are at least as good as the government standard. In addition, by placing the certification badge on your website and marketing material, you can set your business apart from competitors by showing you take security seriously.
- Even if the UK were not to participate in GDPR, any organisation doing business in the EU must be aware of, and adhere to, the GDPR principles. They can be held liable for GDPR breaches. Putting the Cyber Essentials framework into a business is a great way to ensure the proper security measures are in place for data protection. This will help towards compliance with GDPR, which in turn can facilitate commerce with the EU after Brexit.
- Having Cyber Essentials certification opens the door to working with UK government departments.
Hopefully by now, you’re thinking this all makes sense. However, there is still the challenge of doing something about it. In reality, you could go to the Cyber Essentials website, download the information and try to go through it yourself. But if you are a legal, architecture or other professional services firm, with limited time or budget to address it, you’ll move on to “more important” things.
Why not hand this off to someone who has been through the process (we are Cyber Essentials Plus certified), has developed a systematic approach to assessing your business security, and can identify any areas of weakness and help you take remedial action to become Cyber Essentials or Cyber Essentials Plus certified in the shortest amount of time possible?
It really is the easiest way.
If you have any questions about Cyber Essentials, security or any other IT-related issues, feel free to add a comment below or reach out to us by clicking here.