One of the most surprising things I still hear from SME teams is the line, “Why would anyone want to target us.”
The reality is very different.
The majority of cyber crime we see today comes from untargeted attacks. These can be anything from an attacker vulnerability scanning huge ranges of IP addresses, essentially trying thousands of digital door handles until one opens, to vague opportunistic emails carrying malware. Attackers are not only chasing the big fish. They are going after everyone.
“It is not if you will be attacked, but when.”
Your door has already been tested, even if you do not realise it. The scans that run on your public network address or the suspicious invoice emails in your mailbox are proof that someone has already tried your handle.
The UK National Cyber Security Centre wants to make the country the safest place to live and do business online. This mission sits right at the top of their website. The government Cyber Essentials scheme is an important part of this plan. It is not a complete solution, but it is a strong starting point for SMEs wanting to show they take cyber security seriously.
Here is why you should get certified.
Your customers and partners will see you as a safe choice
Once you complete the assessment and update your IT practices and policies, you can display the Cyber Essentials badge. This is more than a logo. It shows anyone who wants to work with you that you take IT security seriously. It shows you understand the risks of cyber crime and have taken simple steps to prevent attacks and data loss.
You will have a balanced and usable password policy
Security must protect users without making their day impossible. Many companies sit at one of two extremes.
No password policy at all, which leads to weak passwords like 123456 or password1, both of which are easy to guess.
Or extremely strict policies that force passwords like Y77Hfr89*!r54, which users cannot remember. This leads to passwords being written down which defeats the purpose.
Cyber Essentials helps you strike the right balance. It enforces strong password standards while allowing passwords that are memorable.
Your antivirus might not be as secure as you think
To pass Cyber Essentials you need good, up to date antivirus protection. Are you sure your current product is both current and effective.
Most successful attacks start with malicious files running on an unprotected machine. At CETSAT we deploy Webroot Managed Antivirus which allows full central management. Our engineers can monitor out of date workstations, virus detections, and any unprotected devices across your organisation.
Protect the edge of your network
Many businesses do not have a dedicated firewall protecting their network. Smaller organisations often rely on a basic router which only provides minimal protection. Cyber Essentials ensures that your firewall has suitable configurations in place to block common attacks.
We partner with SonicWALL which is one of the most trusted firewall vendors in the industry. A properly configured SonicWALL does far more than a legacy router. It can scan for viruses during downloads, filter inappropriate content, prevent data loss, and enforce application level controls.
A strong first step on the road to the twenty fifth of May
The General Data Protection Regulation came into force on the twenty fifth of May and the consequences of non compliance are significant. Cyber Essentials is a strong first step as you work towards GDPR readiness.
It shows that your organisation understands the threat and has taken reasonable steps to prevent an attack or data breach.
Has your organisation taken the right steps to prevent a breach. It is not a mandatory requirement, but the Cyber Essentials certification is a very strong starting point.
