Over the last few years, scams and cyber-attacks have become an imminent danger for businesses in the UK.
As firms become increasingly reliant on technology and the internet to grow, they are making themselves vulnerable to malicious cyber-attacks. At the same time, the use of mobile devices and cloud services has exacerbated an already high threat level.
When it comes to cyber crime, small businesses are not exempt from the disruption and the consequences of attacks that impact larger organisations.
If anything, a smaller business's size can make it more vulnerable, as SMBs are perceived as a softer target because of a lack of resources, security policies and security awareness, and low investment in cyber defences.
According to the Cyber Security Breaches Survey 2019, 78% now see cyber security as a high priority. However, only 15% of small businesses have a formal cyber incident management process.
Two-thirds of SMBs have suffered a cyber attack in the past 12 months according to the 2018 State of Cybersecurity in Small & Medium Size Businesses report.
According to the Business Population Estimates conducted by the UK Government, almost half (43%) of British SMBs admit to having no business continuity, disaster recovery or crisis management plans in place, despite almost the same number of UK businesses (46%) suffering at least one cyber security breach or attack. These businesses are clearly not prepared to manage the consequences of an attack.
SMBs are at risk of being breached either through a lack of awareness or from taking no actions to address their cybersecurity.
A KPMG survey suggests that only 23% of small businesses prioritise cybersecurity as a top concern. This is despite 60% of small businesses having experienced a cyber breach that led to brand damage and loss of clients.
The UK Government is helping SMBs by providing a range of standards and guidelines, the most useful of which for SMBs is Cyber Essentials.
What is Cyber Essentials?
Cyber Essentials is the UK Government-backed scheme administered through the National Cyber Security Centre (NCSC) that aims to show organisations how to protect themselves and prevent the most common cyber attacks.
The NCSC claims Cyber Essentials can help eliminate the risk of 80% of cyber attacks and the standard provides simple but effective guidelines that protect organisations against cyber attacks.
Organisations that achieve Cyber Essentials can demonstrate that they have considered and committed to boosting their security defences against cybercrime and have reduced the vulnerability of their business by meeting an accredited government standard.
The primary aim of this scheme is to encourage and guide organisations to adopt best practices in their information security strategy. Once fully implemented, it provides organisations with basic protection against the most common cyber threats.
Not every organisation has the time or resources needed to develop a full-on approach to cybersecurity, so the Cyber Essentials scheme has been designed to fit with whatever level of commitment an organisation is able to sustain.
The simplest way to start is to familiarise yourself with cybersecurity terminology, gaining sufficient knowledge and awareness to begin securing your IT.
If, as an organisation, you need more certainty on how you apply cybersecurity, you can obtain basic or entry-level Cyber Essentials.
Organisations that need to take their cybersecurity to a higher level can go for Cyber Essentials Plus certification.
Benefits of Cyber Essentials for SMBs
Small businesses in the UK are the target of an estimated 65,000 attempted cyber attacks every day, according to figures from a study from Hiscox, a specialist insurer.
According to Hiscox, almost one in three (30%) UK small businesses suffered a cyber breach last year – equivalent to over 4,500 successful attacks per day or one every 19 seconds.
Most small businesses recognise the threat that cyber criminals pose on a global scale but need convincing of the risks that they are facing with their own operations, considering themselves to be ‘too small’.
Below are five benefits that SMBs can look forward to when getting certified for Cyber Essentials.
1. Protection against prevalent cyber-attacks
Common cyber-attacks exploit basic weaknesses in an organisation, such as out-of-date software and known vulnerabilities that have not been patched. Often, these types of attacks are simple to defend against with simple-to-follow strategies, and Cyber Essentials provides those.
The Cyber Essentials certification offers peace of mind that an organisation’s defences will protect against these common cyber attacks because cyber criminals are looking for targets which do not have the appropriate technical controls in place.
The majority of cyberattacks are not planned or highly targeted; they are automated and indiscriminate, exploiting known vulnerabilities within commonly used IT systems.
According to a report from the UK’s National Crime Agency (NCA), the average age of those arrested for malicious hacking activities was just 17 years old.
The consequences of a cyber-attack can be devastating, disrupting businesses, causing considerable financial and reputational pain, and possibly having a direct impact on your customers if their data has also been breached.
Being fully Cyber Essentials compliant mitigates the risks faced by businesses such as malware infections, social engineering attacks and hacking.
2. On the road to being GDPR compliant
The General Data Protection Regulation (GDPR) came into force in May 2018. As part of this regulation, organisations that are processing personal information of EU citizens must protect this data against theft and unauthorised access. If an organisation is found to be negligent under the GDPR in the event of a breach, the business could face fines of up to 4% of its global turnover.
In the UK, the GDPR and the notification of all data breaches are handled via the Information Commissioner’s Office (ICO). Applying the technical controls of Cyber Essentials helps demonstrate to the ICO that you as a business are on the right path towards GDPR compliance. Cyber Essentials is recommended as a good starting point, but it is not a complete solution for all your GDPR obligations.
3. The importance of Cyber Essentials
Cyber Essentials is an increasingly important certification to achieve for businesses and organisations in the UK. For smaller businesses with little or no IT support or expertise, it provides a basic introduction to cybersecurity hygiene practices.
If your business involves certain technical services or handling of sensitive information, then it makes sense to be Cyber Essentials compliant. For SMBs that are looking for a government contract, Cyber Essentials is mandatory to be eligible to bid.
4. It shows that you take cybersecurity seriously
Becoming Cyber Essentials certified can help you establish the trust of clients and partners. It shows that you have made a promise to take your cybersecurity responsibilities seriously.
The rise in awareness of the impact of a cyber attack, and of the financial and reputational consequences of a data breach, has seen an increased demand for evidence that your business takes its responsibilities seriously and invests in cyber protection.
Once you are certified, you will be able to display a Cyber Essentials certification and be listed on the Directory of organisations awarded Cyber Essentials.
5. Have a clear picture of your organisation's cybersecurity situation
Going through the certification process will provide clear insights into your organisation’s cybersecurity position, providing focus on where you need to bolster your defences.
To help you adopt a more robust approach to cybersecurity, don’t forget to:
- Become more involved in understanding how the data is managed and protected.
- Assess external vendors in partnership with IT, as third parties in the supply chain are often key sources of vulnerabilities.
- Communicate externally in a way that makes customers feel safe, without revealing too many details.
- Know and understand the relevant data governance regulations on how you collect, use and disclose customer data.
Cyber Essentials is just one step of the journey towards securing your organisation against cyber attacks. As an outside provider, Worktools can do initial security assessments and ensure that everything is secure, both locally and through remote access.
We can also help create your cybersecurity plan so you know how to prepare for and, if necessary, respond to an incident.