Monday, 11 June 2018

Why your organisation needs to be Cyber Essentials Certified

New research released in 2017 shows that over half of all UK companies experienced a cyber-attack in 2016, costing businesses as much as £30 billion.

Phishing and viruses were the most common threats, affecting nearly a quarter of those surveyed, while 18 percent suffered a hack or data breach. Although ransomware claimed fewer victims – 388,000 as opposed to 1.3m for phishing attacks – it cost firms a lot more: £7.3 billion versus £5.9 billion. Even public service organisations failed to escape, with the taxpayer having to pick up the tab.

Larger firms are most at risk of attack (because of their broader attack surface and willingness to pay a higher ransom to recover their data), which makes the manufacturing sector a prime target. The international nature of the supply chain exposes further vulnerabilities.

What can you do to prevent a cyber-attack on your company? 

The Cyber Essentials self-assessment questionnaire is a good place to start and will give you an evaluation of your current systems and policies.

Cyber Essentials is a government-backed scheme comprising five strategies that work together to actively prevent cyber-attacks. Presently, all organisations and suppliers that deal with secure government data are required to hold a Cyber Essentials Certificate, and the government wants to build on this by encouraging more businesses to take the time to put processes in place and become Cyber Essentials Certified.

The benefits of becoming Cyber Essentials Certified 

Increase security within the supply chain

Manufacturers, wholesalers, distributors: these different organisations within the supply chain all share and access certain sensitive information. Without sufficient levels of security, each different stage carries its own security risks. Working exclusively with suppliers and partners who are Cyber Essentials Certified ensures that the highest levels of security are consistently maintained.

Greater customer trust and data protection

Cyber Essentials means that organisations can prove to their customers and other stakeholders that they maintain the highest data protection levels. This gives companies a competitive advantage over others within their industry, since they can offer unparalleled security and lower risk solutions to their clients.

Reduce costs and bolster regulatory compliance 

Being Cyber Essentials Certified means you could save money in other areas of your business. For example, insurance can be cheaper since you can prove that measures are in place to optimise security and reduce the chance of a cyber-attack. The certification also goes hand in hand with ensuring that you are compliant with regulations such as the EU General Data Protection Regulation and the UK Data Protection Act 1998, as the steps it requires also help you to meet checks for these regulations.

Improve awareness of cyber threats

The government's push for companies to become Cyber Essentials Certified is also self-fulfilling, in that it increases overall awareness of cyber threats and the need to protect against them. Internally, this means companies can also put measures in place, such as delegating responsibility for data management, disposal and more.

For more information about how Systems Assurance can help you resolve any weaknesses in your online security, take a look at our dedicated internet security page.