We’ve said it before, and, alas, we’ll say it again: small businesses are underprepared for cyber security incidents and stand to lose the most when they strike. While SMEs face the same threats as larger organisations, many lack the security posture and incident response plans necessary to defend against, and react to, attack.
Statistical evidence all points in the same direction: if you’re a small business, you’re in trouble. Indeed, 60% of small organisations close within 12 months of suffering a data breach.
By way of example, the PSNI has reported that a Northern Ireland company was almost forced out of business by a ransomware attack.
DCI Dougie Grant told the BBC that the company’s full IT system was lost, meaning it could no longer trade. The PSNI was able to help the company, but others have suffered irreparable damage as a result of cyber crime.
So, what can smaller organisations do to combat cyber crime?
Cyber Essentials: a baseline of cyber security
Launched in 2014, the UK Government’s Cyber Essentials scheme provides a set of five controls that organisations of all sizes can implement to achieve a baseline of cyber security, and against which they can achieve certification to prove their credentials. These five controls can help prevent 80% of the most common attacks.
The five controls are:
- Secure configuration
- Boundary firewalls and Internet gateways
- Access control and administrative privilege management
- Patch management
- Malware protection
Cyber Essentials certification
There are two levels to the Cyber Essentials scheme: Cyber Essentials and Cyber Essentials Plus.
- Cyber Essentials requires a company to complete a self-assessment questionnaire, which must be signed off by a senior company representative and then verified by an external certification body. An external vulnerability scan is also required if the company chooses to be certified by a CREST-accredited certification body such as IT Governance.
- Cyber Essentials Plus requires a more advanced level of assurance. In addition to meeting the requirements of Cyber Essentials, organisations must undergo an internal assessment and internal scan conducted on-site by the certification body.
Cyber Essentials: the benefits of certification
Certification to the Cyber Essentials scheme provides numerous benefits, including reduced insurance premiums, improved investor and customer confidence, and the ability to tender for business where certification to the scheme is a prerequisite.
Cyber Essentials certification has been a requirement for organisations bidding for certain government contracts involving the handling of sensitive and personal information, and the provision of certain technical products and services, since October 2014.
Cyber Essentials certification from £270
IT Governance is a CREST-accredited Cyber Essentials certification body. Our fixed-price Cyber Essentials solutions can help you achieve Cyber Essentials certification for as little as £270.