Business today relies heavily on the internet, no matter what the industry. The online world is constantly evolving, from an increase in video conferencing and homeworking to ecommerce transactions and contactless payments. With more and more critical data being stored and processed over both private and public networks, it is important to be aware of the risk and take the right steps to protect your organisation. Below we will go through how to choose the right cyber certification to suit your needs.
The Threat of Cyber Crime
Did you know that almost half of UK businesses are affected by cybercrime each year? Security breaches are a very real threat for businesses of any size, whether that’s cybercriminals, viruses, or malware. Poor judgement and errors made by employees, alongside weaknesses in your security system, can often be to blame. It’s easy to think that it won’t happen to you or your business, but anyone can be a target. So, it’s important to take preventative action to protect your business.
Reassurance for Your Clients and Customers
Your customers and clients are trusting you with their data. A cyber certification can lay their fears to rest, as it enables your business to demonstrate that you have appropriate cybersecurity controls in place that not only protect your own data, but also any that you hold about them. Furthermore, it isn’t a one-time fix. Certification provides a solid foundation of best practice to be maintained within your business and will require renewal every 12 months. Upon certification, your business will be listed publicly in the Cyber Essentials directory and also qualifies for £25K optional Cyber cover.
Below we explore how to choose the right cyber certification for your business, looking specifically at the two most popular certifications – Cyber Essentials and Cyber Essentials Plus.
What is Cyber Essentials?
This is a government scheme that covers all types of organisations to make sure they are adequately protected against IT threats. Having this certificate protects both your business and your clients from a potential threat and demonstrates that the threat is taken seriously. In fact, we recommend that all parties be encouraged to adopt the scheme to keep the whole supply chain protected. It is essentially a set of security standards that businesses are required to meet to achieve certification.
The scheme covers the following key areas:
- Protecting your internet connections with firewalls and routers
- Protecting any device and software your business may use
- Regulating physical and digital access to your data and services with access control
- Defending against viruses and other harmful malware
- Ensuring devices and software are kept up to date
So, how do you choose between Cyber Essentials and Cyber Essentials Plus?
The certification level you choose will depend on who you are dealing with. If your company has contracts with government, or is in the supply chain, you will need to have at least Cyber Essentials certification in place, no matter how simple your setup is. However, Cyber Essentials Plus will give you that added level of security.
Your business IT infrastructure may only consist of a laptop and use of Office 365. However, many companies will still want you to have a certain level of certification to do business with you. The simpler your IT is, the easier it is to implement.
Are you looking for basic level security certification to prove to your potential and current clients that you have sufficient measures in place?
Cyber Essentials is the lowest level of certification and is the minimum requirement if your business wants to submit a bid for a public sector contract. This certification is vital if this is an area where you wish to do business, as you will be responsible for handling critical information regarding public sector activity.
If you decide Cyber Essentials is right for you, SupPortal can organise your self-assessment questionnaire. There is a time and resource commitment required internally to provide suitable evidence for the self-assessment. An outsourced provider such as SupPortal can take a lot of this work off your shoulders. Working with you, we can ensure you are prepared to answer the questions and provide the evidence.
Assisted Cyber Essentials
Should you wish to take on the majority of the work in-house, SupPortal can provide an initial external vulnerability scan. However, doing so can not only be time-consuming but will also require sufficient IT knowledge to fully respond to the self-assessment.
Cyber Essentials Plus
Government organisations and contractors look for this certification when there is considered to be a greater risk. It is a more comprehensive version of the Cyber Essentials certificate, involving further external auditing and random testing. To gain this certification, you will need to be Cyber Essentials certified first.
As part of this process, the team at SupPortal would carry out tests on your software and systems to check for vulnerabilities and ascertain whether you have adequate protection against cybercrime.
Do you supply goods or services to government departments like the NHS or MOD? Do you have remote workers? Or do you have third-party businesses that have access to your systems? Does your business require complex IT infrastructure, software and systems? Does your network cover a broad area? If you have answered yes to any of the above, then this may be the most appropriate certification for you.
If you want to truly demonstrate that your business is committed to high standards of cyber security protection, and you take data protection seriously, then this is a great choice for you. With this certification, you are going above and beyond to keep your clients’ data safe. Furthermore, if your business commonly processes data of a highly sensitive nature, then it is well worth considering Cyber Essentials Plus.
Still confused about which cyber security certification is right for your business? Then get in touch with the team at SupPortal today.