Where do I start to work on my business’ cyber security?
With the ever-increasing threat of cyber attacks, and the shift in the number of attacks or attempts that we deal with on a daily basis, we want to give you a guide on how to get started working on your cyber security. One of the best ways to start your cyber security journey is to go through Cyber Essentials. Let’s dive into what this is and what the benefits are to your business.
Cyber Essentials is a government scheme which provides an IT security standard that you can achieve accreditation against. Implementing Cyber Essentials ensures you have the technical controls in place to help protect yourself from over 80% of internet-based attacks. We think this is an amazing statistic, and it is one of the best arguments for getting your business through Cyber Essentials. There are five control areas that Cyber Essentials requires you to have configured correctly:
- Boundary firewalls and internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
The actual process involves answering a self-assessment question set around these controls. Once you achieve the standard, you will then be able to use the Cyber Essentials logo to market and proudly display your accreditation to your customers. You will also get Cyber Liability Insurance with up to £25,000 of indemnity with a CE accreditation, which is another big advantage.
We like to use the analogy of home security alarms or CCTV on your house: if you put these protection measures in place, you are deterring attackers and making it more difficult to gain access to your organisation’s data, so they are more likely to move on to another target. We must stress that these measures will not stop a hacker should they want access, but they will make it considerably harder and take more of their time to gain access. But remember, this helps to protect your business from over 80% of attacks!
But this is only the first step on the journey of cyber security, as it deals purely with the technical controls for IT. There is also IT governance to consider, which is where IASME comes into play. IASME is an additional question set that covers Cyber Essentials and is expanded to include the processes and policies you have in place around data assets, risk assessments, people and disaster recovery. IASME is internationally recognised as an alternative to ISO 27001 for smaller businesses due to the lower financial costs required to achieve it, while giving you a similar standard to attain and further protect your business with.
The cyber security journey with MJD as your Managed Service Provider would follow the steps in our infographic to the left.
It is important to remember that even when you reach step 8, the journey doesn’t stop. Cyber threats are changing and evolving constantly, so yearly reaccreditation, and the improvements needed to get recertified, will always be required to keep your business protected. Here at MJD we place a high importance on ensuring the advice we give our clients helps them to keep improving their cyber security, but we would always encourage working with us on a cyber security plan and starting your business on this journey.
As part of our continuous internal improvement, one of our Cyber Security Specialists, Craig Lambourne, has successfully become a Cyber Advisor with NCSC, on top of his existing qualifications with Cyber Essentials and IASME. We want to take this opportunity not only to announce this new service as part of our Cyber Security offering but also to congratulate Craig on this achievement! If, after reading this blog, you have further questions or want to get started on your cyber security journey, just get in touch with the team here at MJD.