One of the best ways to appeal to a wide range of customers is to show that you take cyber security seriously. When clients choose your business, they are in part trusting that you'll protect their data, respect their privacy requirements and abide by UK law and the Data Protection Act. With the recent cyber security scandals and leaks, the public is becoming more and more aware of the power of their data, and the value of their information to corporations and third parties.
The GDPR, or General Data Protection Regulation, is introduced on May 25th 2018. Businesses will have to abide by these regulations or face hefty fines, as well as a nasty loss of reputation amongst their customers.
If you want your business to stand out from the crowd, particularly in regard to security and privacy, Cyber Essentials might be the answer. It's essentially a set of cyber security standards that businesses can be measured against and then certified to. Cyber Essentials certification demonstrates that your business is able to manage security threats effectively, and preserve the safety of your organisation and, by extension, the privacy of your clients. And although the Cyber Essentials certificate isn't mandatory for businesses, it may actually be required by some government contracts.
Cyber Essentials assesses your cyber security by examining five distinct areas: boundary firewalls and internet gateways, secure configuration, access control, malware protection and patch management. The assessment requires information regarding your devices and software, as well as your approach to password management, administrative accounts and local admin rights, and exactly who has access to what data within your company. It's an incredibly thorough process that examines everything from permissions to patching, effectively making Cyber Essentials one of the best security certifications your business can obtain.
Your business can get certified by Cyber Essentials either through a self-assessment or through an assessment carried out independently by a certification body. The standard certification, simply called Cyber Essentials, is a three-step process. First, select a certification body through one of the scheme's accreditation bodies. Next, verify that your IT is suitably secure and meets Cyber Essentials standards (this is something your certification body will help with). Finally, complete a questionnaire provided by your certification body; they'll verify your answers and you'll receive your certificate.
Alternatively, you can get the Cyber Essentials Plus certification. This process is slightly longer as the verification of your IT is carried out by the certification body. During this process they'll investigate your systems and your security, identifying any weak spots and scanning for your system's vulnerabilities. After they have ensured that your business meets the requirements, you'll receive the Cyber Essentials Plus Certificate.
Even if you aren't interested in obtaining certification from Cyber Essentials, the information on their website is still incredibly useful for businesses wanting to improve their security. You can find their advice for organisations here.
If you're interested in obtaining Cyber Essentials Certification, we're happy to talk to you about the implications and costs involved. Give us a call on 0191 482 0444.