Why is cybersecurity so important?
Awareness of the threat posed by cybercrime is pretty good. By now we’re all used to seeing headlines about the latest data leak or ransomware saga.
However, among small business owners, there’s often a misconception that it only happens to large, high-profile organisations. After all, why would a cybercriminal attack a start-up or small business with little to steal?
Unfortunately, this couldn’t be further from the truth. An SME is successfully hacked every 19 seconds in the UK, according to Hiscox. And over 88% of UK businesses suffered a data breach in the last year. That’s a lot of SMEs when you consider that the FSB estimates small businesses account for 99.9% of the business population.
For those SMEs who are successfully breached the fallout can be disastrous.
First, there’s the financial impact. Cyber breaches cost the average small business £25,700 in basic ‘clear up’ costs every year. But it’s not just clean-up costs: system downtime during and after the breach can hurt productivity and cost you valuable business. And this is before we factor in the payment of any ransoms or theft of financial assets.
Then there’s the reputational damage and loss of customer trust. It can take years to build customer relationships; a successful cyber attack can undo that in seconds.
Finally, a cybersecurity breach can come with legal consequences for your business. Data protection and privacy laws require businesses to secure any personal data they hold – both for staff and customers. If this data is leaked or compromised and you’ve failed to adequately protect it, you could face a hefty fine or regulatory sanctions.
Cybersecurity certifications are a relatively new invention. For example, the UK government’s Cyber Essentials scheme was only conceived in 2014 as a response to growing concerns about businesses’ cybersecurity.
However, while they might be new, certifications have quickly become an important part of the fight against cybercrime.
But what are they and how do they work? And, more importantly, why should you bother?
The Benefits of cybersecurity certifications
Although all the major certifications have subtle differences, they do offer a few key benefits in common.
- Peace of mind that your organisation is doing all it can to prevent cyber attacks, remain compliant and fulfil its data protection obligations
- Proof to potential customers, partners and suppliers that you take cybersecurity and data protection seriously, giving you an edge over competitors
- The ability to bid for some government tenders and work with the NHS
- Protection from 98.5% of the most common cyber threats (Cyber Essentials and Cyber Essentials Plus)
You’ve probably heard the phrase ‘Cyber Essentials’ mentioned before, but what is it?
Cyber Essentials is a government-backed certification scheme, covering the essential actions every business should take to ensure its protection from cyberattacks. Think of it as ‘cyber hygiene’ – a bit like washing your hands, brushing your teeth or wearing a face mask.
The scheme assesses five key criteria:
- Is your internet connection secure?
- Are the most secure settings switched on for every company device?
- Do you have full control over who is accessing your data and services?
- Do you have adequate protection against viruses and malware?
- Are devices and software updated with the latest versions?
Getting Cyber Essentials certified is a requirement for many government tenders and can protect your business from 98.5% of cybersecurity threats.
But the benefits don’t end there. It’s also a great indicator of your business’s commitment to security, marking you out as trustworthy and safe to potential partners and customers.
Cyber Essentials Plus is the older, slightly more involved sibling of the standard certification. It has the same requirements as Cyber Essentials (you must have all five security controls in place) but differs in one crucial aspect.
While Cyber Essentials is self-assessed, Cyber Essentials Plus also includes an independent assessment carried out by a licensed auditor. After you’ve completed the self-assessment portion of the certification, an auditor will either come to you or remotely access your network and manually check for the five Cyber Essentials controls.
This provides you with absolute assurance that your cybersecurity is up to scratch. And customers don’t have to take your word that you’re cyber secure – they can rely on the expertise of a professional.
To find out more about Cyber Essentials and Cyber Essentials Plus, download our handy guide.
Complying with GDPR has a reputation for being complex, costly and time-consuming. But it doesn’t have to be. At its heart, GDPR is simply about safely securing data and preventing breaches.
The Cyber Essentials certification covers some elements of GDPR compliance. However, for those customers who want complete assurance, we recommend the IASME Governance certification.
The IASME Governance certification addresses many of the same things as Cyber Essentials but goes much deeper. The assessment criteria include 110 questions based on the following areas:
- Security management
- Information assets
- Cloud services risk management
- Data protection
- Security policy
- Environmental protection
- Operations and management
- Vulnerability scanning
- Monitoring, backup and restore
- Incident management
- Business continuity
Many of these questions cover GDPR specifically, giving you much greater coverage of GDPR compliance than Cyber Essentials.
To find out more about GDPR and the certification options open to you, download our guide.