Cyber Essentials & IASME
Protect your organisation against common cyber threats
The risk of Cyber-Crime
All businesses need to be aware of the risks of cyber-crime, including hacking and viruses that can threaten customer data and confidential information. Frequently, cyber-attacks are not even especially sophisticated but they still cause damage to businesses.
Ciaran Martin, CEO of the National Cyber Security Centre, says, “By getting the basic defences right, businesses of every size can protect their reputation, finances and operating capabilities”.
There is also great fear of new tech in case it is vulnerable to attack. Mike Cherry from the Federation of Small Businesses explains that “some businesses refrain from embracing new technology as they fear the repercussions and do not believe they will get adequate protection from crime.
“In the face of an ever-increasing threat of cyber-attacks, the FSB supports the Cyber Essentials scheme as an additional and important tool, designed to help reduce the risk to small firms and improve the resilience of the sector.”
The fact is that even if you think you are safe from cyber-crime, there are always criminals trying to break into your systems – and chances are they have already succeeded, whether you are aware of it or not. According to James Snook, Deputy Director of the government’s Office for Cyber Security and Information Assurance (OCSIA), “My message for companies that think they haven’t been attacked is: you’re not looking hard enough”.
What is Cyber Essentials?
The majority of cyber-attacks exploit basic weaknesses in your IT systems and software. Cyber Essentials is a scheme that shows you how to address those basics and prevent the most common attacks. It was designed by the Government to make it easy for you to protect yourself.
Online threats of hacking and viruses are getting more and more advanced, according to Christopher Graham from the Information Commissioner’s Office. He recommends Cyber Essentials, explaining:
“This scheme focuses on the core set of actions that businesses should be taking to protect themselves, their customers, and their brand. Cyber Essentials enables businesses to demonstrate that they are taking action to control the risks.”
Cyber Essentials requires an organisation to complete a self-assessment questionnaire, with responses independently reviewed by an external certifying body.
Cyber Essentials helps prevent the vast majority of cyber-attacks. Even a simple virus or piece of malware could result in loss of company and client data, disrupt your cash flow and take up staff time. An attack could also put off your customers, stop you trading and damage your hard-earned reputation.
It could even be reported in the local media, risking customer confidence even further. As Christopher Graham explains, “The knock-on effect of a data breach can be devastating. When customers start taking their business elsewhere, that can be a real body blow”.
Plus, of course, any loss of data could breach the Data Protection Act and lead to fines or prosecution.
Having a Cyber Essentials badge will:
- Protect your organisation against common cyber threats
- Show your customers you take this issue seriously
- Enable you to bid for Government contracts.
Since October 2014, Cyber Essentials has been mandatory for suppliers of Government contracts that involve handling personal information and providing some ICT products and services. Holding a Cyber Essentials badge enables you to bid for these contracts.
Cyber Essentials Plus
Cyber Essentials Plus covers the same requirements as Cyber Essentials but tests of the systems are carried out by an external certifying body, using a range of tools and techniques.
Cyber Essentials Plus is the best way of making sure that you keep your data secure.
The IASME Governance standard was developed over several years during a Technology Strategy Board-funded project to create a cyber security standard that would be an affordable and achievable alternative to the international standard, ISO27001.
The IASME Governance standard allows the small companies in a supply chain to demonstrate their level of cyber security for a realistic cost and indicates that they are taking positive steps to properly protect their customers’ information.
The IASME Governance assessment includes a Cyber Essentials assessment and is available either as a self-assessment or an on-site audit. Since 1st March 2017, it has also included an optional assessment against the GDPR requirements.
We currently recommend that small- to medium-sized companies follow the IASME standard because it’s more comprehensive and focused and encompasses both Cyber Essentials and GDPR. It protects and controls a whole lot more without being as onerous as ISO27001, and it is a fantastic stepping stone to meet that standard in the future.