SMEs that consider cyber security unaffordable could be surprised – thanks to Cyber Essentials

When I first started my career, I attended several networking events a week, joining up to 30 other professionals from local SMEs, all sharing useful information about each other’s businesses (and trying to sell, of course).

I learnt a lot from these networking events, but what I learnt the most about some of these SMEs is that they don’t enjoy spending money.

Of course, it’s unfair to single out SMEs for not enjoying spending money, because who does? Out of pure curiosity, I recently attended another of these events. I didn’t attend as a delegate from IT Governance; I played the ‘here to catch up’ role, and I made an interesting discovery.

I discovered that many of the attendees can’t afford to be cyber secure. Actually, let’s change that: I discovered many of the attendees don’t think they can afford to be cyber secure.

It costs either way

Deciding whether to invest in cyber security is a bit like being stuck between a rock and a hard place. On one side, you have cyber security – but it’s going to cost you – and on the other side you have cyber insecurity – but that’s going to cost you, too.

As the latest statistics suggest, your organisation is going to suffer some form of cyber attack sooner or later. It may be a hack that steals data and causes you to receive a hefty fine, or it could be a DDoS attack, which wipes out your website for two weeks, stopping you from bringing in new customers.

With that in mind, would you not rather spend that inevitable cost on something positive?

The Cyber Essentials scheme (CES)

Launched by the UK Government in June 2014, the CES was developed to provide guidance on basic cyber hygiene and a standard against which organisations can achieve different levels of certification. Certification to the CES demonstrates that the organisation has industry-minimum cyber security measures in place.

The CES is designed to be a cost-effective solution to cyber security. Although minimal, the CES will help stop over 80% of cyber attacks.

There are five sections covered in the CES:

  1. Secure configuration
    Implementing security measures to reduce unnecessary vulnerabilities when building and installing computers and network devices.
  2. Boundary firewalls and Internet gateways
    Providing a basic level of protection where an organisation connects to the Internet.
  3. Access control and administrative privilege management
    Protecting user accounts and helping prevent misuse of privileged accounts.
  4. Patch management
    Keeping the software used on computers and network devices up to date and resisting low-level cyber attacks.
  5. Malware protection
    Protecting against a broad range of malware (including computer viruses, worms, spyware, botnet software and ransomware), including options for malware removal, which will protect your computer, your privacy, and your important documents from attack.

While these five may sound daunting to some, they’re not all that complicated. In fact, it’s highly likely that your organisation is already doing a few of them.

If your organisation can adhere to the five sections of the Cyber Essentials scheme and get certified, you’ll be able to tender for more contracts and – more importantly – protect your own and your customers’ information.

What’s the cost?

There are two costs associated with Cyber Essentials: the cost of implementation and the cost of certification.

Certification with IT Governance begins at £300+VAT for a CREST-accredited certification.

The cost of implementation differs, as some organisations go into Cyber Essentials having already had one or more of the controls in place for some time.

Find out more

To learn more about the Cyber Essentials scheme and how it can help your organisation, I suggest that you view our Cyber Essentials infographic.