Information and communications technology (ICT) forms the backbone of almost every company by supporting essential business processes and operations. Systems and data need to be protected as successful cyber attacks can seriously damage both operations and brand reputation. The costs associated with successful cyber attacks can run into tens of thousands of pounds or even more.
Cyber attacks against companies’ systems are on the increase. As cyber threats and ICT security challenges continue to evolve, regulations and requirements have been implemented to mitigate them. Businesses and organisations need to ensure that their ICT security measures are constantly reviewed and kept up-to-date to minimise business disruption and establish trust in the security and reliability of their systems.
The UK Government’s National Cyber Security Strategy is a series of measures designed to make conducting business online in the UK safer and more transparent. In parallel with the new EU General Data Protection Regulation (GDPR), the aim is to reshape the way all organisations approach data privacy and so enhance the protection provided to individuals’ personal data.
A key part of this strategy is the Cyber Essentials scheme. Developed by the UK Government as a national standard, Cyber Essentials certification demonstrates that an organisation has taken steps to ensure the security of its IT infrastructure through the implementation of a basic set of technical controls. From the 1st October 2014 all organisations supplying the UK Government must be compliant with the Cyber Essentials standard.
The Cyber Essentials standard covers 5 key areas:
Secure configuration refers to security measures that are implemented when building and installing computers and network devices in order to reduce unnecessary cyber vulnerabilities.
Boundary firewalls and internet gateways provide a basic level of protection where a user connects to the Internet. While antivirus software helps to protect the system against unwanted programs, a firewall helps to keep attackers or external threats from getting access to your system in the first place. The firewall monitors all network traffic and has the ability to identify and block unwanted traffic that could be harmful to your computer, systems and networks.
Access control and administrative privilege management involves protecting user accounts and helping prevent misuse of privileged accounts, which is essential for any cyber secure system or network. 88% of insider threat incidents included privilege abuse, according to the 2014 Verizon Data Breach Investigations Report (DBIR).
Patch management is about keeping software on computers and network devices up to date and capable of resisting low-level cyber attacks.
Malware protection refers to protecting against a broad range of malware (including computer viruses, worms, spyware, botnets and ransomware), with options for virus removal that will help protect your computer, your privacy and your important documents from attack.
33% of small businesses and 65% of large businesses reported a cyber breach or attack in the past 12 months. Overall, 1 in 4 of all businesses experienced a cyber attack or breach in the past year, costing thousands of pounds and causing major disruption to everyday operations. Most cyber attacks are relatively basic, and following the practices of Cyber Essentials will ensure that a good level of basic security controls is in place to help prevent them. Cyber Essentials is designed by Government to protect your organisation from the most common Internet threats.
As a globally recognised provider of independent testing, inspection and certification, TÜV SÜD is the perfect partner for your business on the journey to becoming Cyber Essentials certified and demonstrating commitment to IT security and the protection of your customers’ data.