It is a universal truth that we all have to take the security of our data to heart, whether personally or commercially, writes Colin Tankard, pictured, Managing Director at data security company, Digital Pathways.
Trying to help us do exactly that, the Cyber Essentials tool kit, a UK government information assurance scheme operated by the National Cyber Security Centre (NCSC), was launched in 2014 and has become a key element of excellence for cyber security, in all its forms. Designed to be applicable to all sizes of organisations, from small to large, it offers help to those seeking to implement a robust data security strategy in order to protect both themselves and their clients.
It does this by encouraging organisations to adopt good practice in information security and includes a simple set of security controls to protect information from threats coming from the Internet. Most cyber attacks are basic in form and are often implemented by unskilled individuals. The controls, suggested by the Cyber Essentials platform, are designed to prevent such attacks. Cyber Essentials comes in two formats:
1. Cyber essentials – a self-assessment application that addresses basic threats and helps to prevent the most common attacks.
2. Cyber Essentials Plus – this is the same as for Cyber Essentials but rather than being self assessed it Instead, requires verification of cyber security, carried out independently by a Certification Body. This is a more rigorous form of certification.
I am a great advocate of the Cyber Essentials platforms. Adopting these measures can bring many benefits, including: the ability to tender for contracts that require a Cyber Essentials Certified supplier, enhanced customer trust and confidence, the provision of market differentiation and competitive advantage, protection of company assets and IP, the mitigation of common cyber threats and reduced insurance premiums. In addition, becoming accredited helps to meet the requirements of GDPR. For example, GDPR talks about controlling who has access to data and understanding where PII data is held. Cyber Essentials covers this and therefore, is able to provide evidence for your GDPR statements/policies, that as an organisation, you have considered these areas and have had the controls verified by an independent accessor.
Frankly, what’s not to like? In these times of ever-increasing cyber threats we all need to take responsibility and action in the fight against these criminal actions. The Cyber Essentials Platform is just one way of starting that journey.
