Cyber Essentials Certification
WHAT IS CYBER ESSENTIALS
The Cyber Essentials scheme is a world-leading, cost-effective assurance mechanism for companies of all sizes to help demonstrate to customers and other stakeholders that the most important cyber security controls have been implemented. The scheme provides five security controls that, according to the UK government, could prevent “around 80% of cyber attacks”.
1. Secure access to and from the Internet
2. Secure devices and software
3. Control who has access to data and services
4. Keep devices and software up to date
5. Protect from malware and viruses
CYBER ESSENTIALS AND GDPR
GDPR, which came into effect on 25th May 2018, is intended to strengthen and unify data protection for all individuals within the European Union. It is the most important change in data privacy and security regulation in 20 years.
Some of its key points are:
A. Increased Fines – Fines can be up to 4% of global turnover or £17.5 million, whichever is higher.
B. Opt-in Consent – Users must give clear, unambiguous consent for their data to be collected and processed, and you must have proof of how, why and when the consent was given.
C. Breach Notification – The ICO must be informed within 72 hours of any data loss and users informed “as soon as possible”.
The Cyber Essentials scheme offers a big step towards being compliant with GDPR.
WHY GET CERTIFIED
Cyber Essentials offers a sound foundation of basic hygiene measures that all types of organisations can implement and potentially build upon. Implementing these measures can significantly reduce your vulnerability.
It does not offer a silver bullet to remove all cyber security risk. But it does define a focused set of controls that will provide cost-effective, basic cyber security for organisations of all sizes.
Recently, the WannaCry ransomware cyberattack crippled the NHS and infected computers in 150 countries – it’s organisations of all sizes that are at risk.
Failing to protect your business can be costly in other ways, too. One company that suffered a cyber attack was fined £60,000 by the Information Commissioner’s Office (ICO). An investigation by the ICO found the company failed to take basic steps to stop its website being attacked.
Cyber Essentials certification will help you to avoid suffering an attack or being penalised for a lack of action. We can help you along the path towards having the technical controls in place and gaining certification.
For further information about the business benefits of achieving certification and to find out how Cyber Essentials can help guard you against cyber threats, call us on 0121 399 0050.