Cyber Essentials Plus - Why is Cyber Security so important?
25th Mar 2020
"Cybersecurity is important because it encompasses everything that pertains to protecting our sensitive data, personally identifiable information (PII), protected health information (PHI), personal information, intellectual property, data, and governmental and industry information systems from theft and damage attempted by criminals and adversaries."
"Cybersecurity risk is increasing, driven by global connectivity and usage of cloud services, like Amazon Web Services, to store sensitive data and personal information. Widespread poor configuration of cloud services paired with increasingly sophisticated cyber criminals means the risk that your organisation suffers from a successful cyber attack or data breach is on the rise."
(The following information is from the Official Cyber Essentials Website)
Protect your organisation against cyber attacks:
Cyber Essentials helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security.
Cyber Essentials is a simple but effective, Government-backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.
Cyber attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. They're the digital equivalent of a thief trying your front door to see if it's unlocked. Cyber Essentials' advice is designed to prevent those attacks.
Poor training of remote workers can lead to a serious increase in data breaches, but this problem can be solved with some more investment in your cyber security.
We are Cyber Essentials Plus Certified:
Cyber Essentials Plus still has the Cyber Essentials trademark simplicity of approach, and the protections you need to put in place are the same, but this time the verification of your cyber security is carried out independently by your Certification Body.
The more rigorous nature of the certification may mean you need to buy additional support from your Certification Body.
Cyber Essentials and GDPR:
The GDPR is a far-reaching set of regulations, intended to guarantee the privacy of individuals and protection of personal data within the European Union.
Although the regulation demands that you take appropriate measures to protect the integrity and confidentiality of any personal data you hold, it does not provide a checklist of measures for you to take. Instead, it specifies that you must determine your own cyber security approach based on the personal information you hold and the risk to individuals were that information to be lost or compromised. The NCSC has published some information on the relationship between GDPR and cyber security.
Cyber Essentials can help with this, but it's not a solution for all your GDPR obligations. It's also important to realise that the information security which GDPR requires extends beyond cyber security to include things like the physical and organisational security measures necessary to protect personal data.
The Information Commissioner's Office (ICO), whose job it is to uphold the GDPR in the UK, recommends Cyber Essentials as 'A good starting point' for the cyber security of the IT you rely on to hold and process personal data. Cyber Essentials technical controls will give you a solid base on which you can build your cyber security as appropriate.
Our Trusted IT & MDM Specialist, Bryn Abbott, has put together a list of reasons to consider becoming Cyber Essentials Certified:
- Great opportunity to audit your internal security
- Helps protect against common threats
- Demonstrate to your customers that you take your cyber security seriously
- Great step to help with GDPR - also provides a skeleton framework for moving onto ISO27001