Is your company’s data protected against cyber attacks? Cybercrime is estimated to cost the world over $6 trillion annually by 2021. Cyber security is no longer optional today, it’s a must. Cyber Essentials certification is just the ticket!
Cybercrime affects all businesses
We often hear about large data breaches in the news headlines. In April this year, some 540 million Facebook users’ data was ‘up for grabs’ on unprotected servers, quite a scandal! Whether you work for a large company or a small business, you are exposed to cyber risks these days. You may not know it but small companies are at high risk. A report published by the Federation of Small Businesses found that 2 out of 3 small businesses have been a victim of cybercrime, suffering an average of 2 cyber attacks a year.
It is for this reason that the UK Government has set up the Cyber Essentials certification scheme. The certification aims to protect you against some of the most common cyber attacks. Unskilled hackers are responsible for a large majority of cyber attacks and getting the basics right from the beginning can safeguard you from potential attacks.
According to a 2018 Report by the Identity Theft Resource Center, there were over 1,200 data breaches reported in 2018 and almost 500 million records exposed during cyber attacks. Obtaining your Cyber Essentials certification as soon as possible can help reduce your vulnerability to these risks. Communication is also critical when it comes to keeping your data secure. You should ensure that all relevant personnel in your company know about the availability of the Cyber Essentials certification.
Cyber Essentials and GDPR
The Cyber Essentials certification is aligned with some of the requirements of GDPR. Although it won’t cover all your GDPR responsibilities, it will provide a certain level of security to your data and peace of mind. Even the Information Commissioner’s Office, which is responsible for upholding the GDPR in the UK, recommends Cyber Essentials certification as a good starting point in cyber security.
More reasons to get certified
Having the back-up of the National Cyber Security Center (NCSC) is another good reason to obtain the certificate. Anne W, Head of Commercial Assurance Services at NCSC, put it this way, ‘the NCSC is committed to nurturing the Cyber Essentials Scheme towards fulfilling its role in helping to make the UK one of the safest places to live and do business on-line’. Since its launch in 2014, the NCSC has certified almost 30,000 companies through the Cyber Essentials scheme. Once certified, your company will be listed in the NCSC directory of organisations awarded the Cyber Essentials Certificate.
Whether you are a contractor or a consultant, if you work with central or local government, you should definitely get Cyber Essentials certified. Not only will this strengthen your resilience against cyber attacks, it will also demonstrate your commitment to keeping public data safe. With increasing competition in the architecture, engineering and construction (AEC) industry in the UK, the certification can give you an edge on your competition, enhance your professional credibility and thereby help you attract more business.
What Cyber Essentials Certification covers
The main areas covered by the Cyber Essentials Certificate are:
- Securing your internet connection
- Securing your devices and software
- Controlling access to your data and services
- Protection from viruses and other malware
- Keeping your devices and software up to date
The certification process
The Cyber Essentials certification scheme has 2 levels. The ‘Standard’ and the ‘Plus’. At the time of writing, the Standard certification is based on self-assessment and costs £300+VAT. The Government has made it easy for companies without much IT expertise to apply for the certification. The first step is to select your Certification Body. Then you just need to ensure that your IT meets all the requirements set out by the Scheme. After that, you answer a questionnaire. The Certification Body will then verify your responses. If all is well, they will issue you with the Cyber Essentials Certificate.
You might also want to consider Cyber Essentials Plus. This premium certification uses the same set of requirements as the standard one. However, it costs more because it takes an independent assessment of your company’s IT by a Certification Body. In either case, the Certification Body will guide you through the entire process and help you get your certification.
That’s it! It’s not as hard to get as you might have thought, is it? Would you agree that the Cyber Essentials certification is well worthwhile? Please leave a comment below.
At GlobalCAD, we are a leading outsourcing partner for CAD and BIM services, trusted by construction and engineering companies of all sizes. Don’t hesitate to get in touch to find out how we can help you with your projects.