According to the Office of National Statistics 2020, Cybercrime is on the rise in the UK.
In November 2020, Hackney council was the victim of a ransomware attack. Personal details of council staff and residents were posted on the dark web, disrupting vital services during the pandemic and leading to hardship for some borough residents. They aren’t alone; a Freedom of Information request sent to 47 councils revealed that cyber-attacks had risen 213% over the previous year.
Sadly, most of these cyberattacks were entirely preventable. In fact, according to the National Cyber Security Centre, the vast majority of cyber-attacks are carried out by relatively unskilled amateurs. By effectively implementing the technical controls of Cyber Essentials and gaining certification, your business can protect itself from potential attacks while reassuring prospective clients about your commitment to information security.
Cyber Essentials is a government-backed scheme operated by IASME that aims to help organisations protect themselves from online cyber-attacks by employing technical controls and improving online security practices. The certification is flexible in its approach and scaleable to organisations of all sizes within all sectors.
There are two levels to the certification, Cyber Essentials and Cyber Essentials Plus. Cyber Essentials is a self-assessed certification that ensures all necessary controls are put in place to stay secure. Cyber Essentials helps organisations protect Confidentiality, Integrity and Availability of data across devices and networks. Cyber Essentials Plus provides all the same controls but adds hands-on technical verification from an accredited 3rd party.
Cyber Essentials certification requires businesses to develop and implement an Information Security policy, Password and other IT policies, appoint a Data Protection Officer, categorise physical and informational assets and conduct risk assessment and risk treatment.
By obtaining Cyber Essentials certification, you have shown that your organisation has taken the initiative in the war on cybercrime.
Your clients want to know that you care.
For any organisations involved, or hoping to become involved, in the UK Governments supply chain, Cyber Essentials Certification is mandatory. Indeed, an increasing number of government and private sector contracts now require or prefer Cyber Essentials certification. The Ministry of Defence now requires Cyber Essentials throughout its supply chain.
While the UK may have left the EU, it is still bound to comply with GDPR. The penalties for being breached can be severe, as much as 4% of annual turnover. Should a breach occur, holding Cyber Essentials certification would show the Information Commissioners Office that you did everything in your power to protect client data and prevent a hefty fine.
A further benefit of Cyber Essentials certification is automatic cyber liability insurance for any UK organisation with an annual turnover of less than £20 million. For larger firms, holding and accreditation can reduce insurance premiums by as much as 20%.
You can obtain a Cyber Essentials Certification with the help of Synergos Consultancy. Get in touch now and take control of your organisation’s cyber security.
Our advisors will take you step-by-step through the Cyber Essentials questionnaire, providing expert guidance and advice to help you implement all the technical controls needed to protect your data.