If you're here because you're already familiar with Cyber Security, then you should already know 'what' it is and 'why' you need to employ 'Cyber Esssentials'
If all of this is new to you, a little education before we make a decision may be a good way of approaching the subject. This may appear to be counter-intuiative, but there's a lot to know
Let's look at the 'what' of these Cyber Security defences, and then we'll look at why they need to be implemented
The members of the Board need to realise that the Cyber Threat is real. That it exists.
And it is their responsibility to lead the charge.
Without Leadership from the very top of the company, cyber security is sure to fail.
The problem that most SME's have is that they think this responsibility lies with their (outsourced) IT department and this couldn't be further from the truth.
This data is your data. This is your business. And it is the Board's responsibility.
When you realise that Out-Of-The-Box software and equipment is configured with just enough to get it going, you also realise that this might just be a security flaw.
They make them by the thousand, all with the same configuration and login credentials. Which means that everybody (yes, this includes the cyber criminals too) knows what these settings are. They are publically available. Suddenly, deploying Cyber Essentials is an easy decision to make, isn't it?
Changing credentials and configuring a few ticks-in-boxes is really easy to do and can make all the difference to your organisation's Cyber Security.
The vast and huge majority of these changes are completely cost-free and in most cases, no special skills are required.
Cyber Security is easy to implement at a realistic, reasonable cost.
You can download the Cyber Essentials questionnaire from here and use it as a guide to harden your network and information security. You can do this now. Today. For free.
Cyber Essentials has been designed by the NCSC – Britain’s National Cyber Security Centre. It's backed by the Government, administered by IASME - the Information Assurance for Small and Medium Enterprises Consortium, and Archie Consulting delivers it to you.
IASME Governance is a framework, a cyber security standard, which is an affordable and achievable alternative to the international standard, ISO 27001.
It brings order and structure to your organisation's approach to Cyber Security, the way you store and permit usage of documentation, access rights and permissions for users, keeping track of who does what, and what does what. It takes the 'blunderbuss' out of the equation and turns your business into a focussed, managed machine.
This Governance structure is purpose built for small and medium sized enterprises, so it is perfect for you.
The standard allows companies just like yours to demonstrate a heightened level of Cyber Security at a realistic cost. Achieving the standard shows your customers and suppliers that you are taking the right steps to properly protect your data - theirs too! It tells them that as a company, you’re maturing – you’re growing up.
As well as a complete Cyber Essentials assessment, IASME Governance certification includes your GDPR assessment, and is available either as a self assessed certificate or an on-site audit. That's the Gold standard.
It should come as no surprise, but these Cyber Security defences have already been thought through by some very clever people. They work for the NCSC, they’re sharper than me, and they're sharper than you.
And we call these defences ‘Cyber Essentials’.
You don’t have to design and build these solutions; that's not your job. You only need to implement them.
Cyber criminals are working twenty-four hours a day, seven days a week. They never, ever stop. From organised, professional firms who offer 'Crime-as-a-Service' to 'script-kiddies' who still live with their Mum. They are wreaking havoc across the globe, and they're using computers to do their dirty work – they’re Cyber Criminals, remember?
By implementing the right security measures as defined in Cyber Essentials, you can leave your office at night knowing that your defences are going to be working just as hard as the criminals do.
Relax, sleep easy – you’ve got your cyber security under control.
To gain more knowledge of Cyber Essentials, and how to get involved, hop on over to our dedicated Cyber Essentials page. There you can take your first steps towards certification.
'Why?' It's a very good question. Here are four ways in which you and your organisation can benefit from asking 'why?'.
The easiest way is to reduce your exposure, your vulnerabilities, through risk analysis. If you don't then you are leaving yourself exposed to the risk of cyber crime.
There are a number of criminal offences that you as a Director and/or business owner need to be aware of. Cyber Essentials lowers the risk of you being a victim or in a worse case being an accessory to these types of criminal acts.
The Crown Prosecution Service has collaborated with the NCSC and determined that ‘Cyber Crime’ is an umbrella term used to describe two closely linked but distinctly different types of criminal activity. These are:
Underneath this umbrella of definition we find:
There are more, obviously, but the take-away here is that even if these crimes are being committed without your consent, you may be getting a visit from the authorities because your network is being used. And you are accountable for your network.
Just like health & safety and tax returns, Cyber Security is your responsibility. And as a Director and/or business owner, you are duty bound to take reasonable steps to prevent this type of crime from occurring.
Ignorance, in the eyes of the law, is no excuse. But employing Cyber Essentials throughout your ICT estate deters these types of crimes from happening.
Taking the right steps and locking down your estate with good Cyber Security prevents the majority of crimes from happening in the first place. And that’s why we deploy Cyber Essentials.
You can reference the CPS document at https://www.cps.gov.uk/legal-guidance/cybercrime-prosecution-guidance
Your customers and suppliers are going to be happier, and more willing to do business with you, when they know you're going to stick around. What's maturing, is your reputation.
The size of a company doesn't indicate its maturity. When your internal operations evolve from being egotistical, reactive and crisis-driven, and become proactive and goal orientated, a company is growing up.
When your customers see you spending time on how you operate internally, they'll want to do more business with you. Fact of life.
A clear indicator of a maturing business is when a company takes Information Assurance - Cyber Security, as it is now known - seriously. And an effective tool, at a realistic cost, is Cyber Essentials and IASME Governance.
Data leakage. “The unauthorized transmission of data from within an organization to an external destination or recipient.”
Data leakage is the theft of data. And ifyou use computers, everything is data. It's all data.
It could be a mistake. A well meaning employee, running against the clock, accidentally attaches the wrong document and sends it to the wrong person. One of your other suppliers, maybe? Oops!
Or it could be a disgruntled and soon-to-be-ex employee copying your address book and transmitting it via email, or copying it onto a memory stick, or from a laptop whilst they’re out of the office. And that’s just the internal threat.
Cyber criminals can extract data from your company without setting a foot inside the building. It starts with the ‘low and slow’ and in a matter of seconds there’s a data breach in the news. Low on the radar, slowly extracted and Boom! You wouldn’t know it was happening until it was too late.
Cyber Essentials helps you install security measures that stop data leakage in its tracks.
"What? I had no idea!"
You've all seen this before - it's a distribution curve, also known as a 'bell curve'.
The 'Innovators' live on the far left, they represent the first 2.5% of the take up. Innovators love bright and shiny technology, even though it costs more because it's brand new. Sadly, most innovations don't get further than here. 'Google +' anybody? How about 'Clippy' then, or a Samsung fire-starter?
The 'Laggards' occupy the far right and typically make up 15% of the population. Homer Simpson isn't even on the cutting edge of 'Laggard'. He's got his own point on the curve because he's buying his first VHS video player at the same time DVD technology is tipping into the Early Majority.
Cyber criminals. Where do you think they live on the curve?
Thinking about it, where do you think your competitors are on the curve? How about your suppliers, your customers -where are they? More importantly, where are you supposed to be?
There's a sweet spot where technology is dropping in price, where the bugs have been ironed out, and it's employable. It's easy to take it out of the box, make a few changes and you're having a great day. And unless you want your defences to be asymmetric because they're old and unsupported by the vendor, this is where you want your technology to be.
In the 'Early Adopters' bracket, not too close to the geeks and definitely before the 'Early Majority'. Perfect.
The active involvement of both the NCSC and IASME ensures that when taken to market, Cyber Essentials is always innovative yet fully developed. Add your maturing approach to the procurement of software and equipment, and you’re in front of the game.
Don’t be the last to know.
David is an experienced Threat Intelligence Analyst and a Fellow of the Chartered Management Institute
To know more about the real detail of Cyber crime, get in touch.
We love our customers, so why not book an appointment?
Geographically, Archie Consulting covers the whole of the South Central region - Dorset, Wiltshire, Hampshire, West Sussex and the Isle of Wight.
If you live outside of this area then maybe we can put you in touch with someone we know and trust.
Or do you just have a question? Drop us a line.
09:00 – 17:00
09:00 – 17:00
09:00 – 17:00
09:00 – 17:00
09:00 – 17:00