Nowadays across all industries, when seeking service providers, most companies will carry out research in advance of engaging with potential business partners. In the post GDPR landscape, data security and cyber security have become key considerations for companies seeking new business relationships. It is reaching a point where you need to have some tangible way to provide evidence to prospective clients that you take cyber security seriously. By way of example, currently in the UK, Cyber Essentials certification is a requirement for all suppliers looking to tender for MOD contracts.
Separate your business from the competition.
With the need to prove GDPR compliance and reduce potential reputational damage from a data breach, large enterprises have been reviewing all parts of their IT infrastructure, including third party suppliers. It could be that your business loses potential contracts after nothing more than a cursory web search or you may not make it past the first round of a tender process because your business can not demonstrate its commitment to security and compliance.
Cyber Essentials Certification.
Cyber Essentials is a globally recognised security standard for IT which can benefit SMEs in the following ways:
- Depending on where your IT security levels are currently, it will raise the security level to a defined standard. If you are already at that level, it will provide recognition for your efforts.
- It demonstrates to your clients that you take IT Security seriously and will set you apart from competitors.
- It can raise security awareness levels among staff and improve overall security across an organisation.
- It will provide your business with a standard of security that could mitigate the risk of approximately 80% of cyber-attacks on your business.
- It may help to reduce your cyber insurance premiums.
Cyber Essentials can provide SMEs with a very achievable first certification. Cyber Essentials is a fast and cost–effective way to provide assurance to your customers that you have considered and sufficiently addressed the basic security elements of your IT systems. Upon reaching the standard you can then display the Cyber Essentials badge on your websites, email signatures and headed paper, all of which may set you apart from your competitor.
What is involved and how do I achieve certification?
There are two certification options:
- Cyber Essentials: This option involves a self-assessment, after which your answers are verified and a decision is made.
- Cyber Essentials Plus: This option is the same with the key difference being that the verification is carried out by an independent certification body.
There are five key areas of control that are considered when seeking this certification:
- Firewalls and Internet Gateways
- Secure Configuration
- User Access Control
- Malware Protection
- Software Updates and Patch Management
This is something your business can undertake itself especially if you have an internal IT department or IT person then it should be achievable. Depending on the level your existing infrastructure is at, it could simply be a matter of completing the self-assessment and achieving certification. For businesses who have not looked at their IT infrastructure from a security perspective previously, then there may well be additional devices required to put the necessary systems in place.
Intuity offer a guided service to take you through the process and ensure the certification is achieved. For our existing clients, any systems that we implement incorporate elements of security by design so achieving this certification immediately becomes a less daunting prospect.
For more information on how to achieve Cyber Essentials Certification get in touch with one of the team at firstname.lastname@example.org