Cyber Essentials: It’s Time To Be Proactive About Cyber Security

With cybercrime continuously rising and the threats and scams constantly evolving, it's no wonder that many businesses feel overwhelmed when it comes to cybersecurity.

In fact, cybercrime is so prevalent, that 49% of fraud in the past two years has been committed online. Scarily, 24% of this illegal activity saw victims lose over $1 million (£700,000).

Last year, we saw a significant rise in the number of UK organisations experiencing cyber attacks. It seems that as the average consumer is becoming digitally savvy, criminals are turning their gaze towards corporations.

Cyber Essentials is the UK Government's answer to helping businesses strengthen their cybersecurity arsenal.

David Gilbey, Director of Just Gilbey Ltd has recently assisted a Hull-based company with their Cyber Essentials Certification. We spoke to the IT Consultant to find out more.

Great to chat with you, David. What exactly is Cyber Essentials?

It's a Government-backed, industry-supported scheme that was originally created to help organisations protect themselves against common online threats.

There’s a lot to consider when it comes to cybersecurity and it’s so important for companies to have appropriate systems and processes in place to keep their data safe and demonstrate to customers that they take cybersecurity seriously.

The Cyber Essentials scheme helps shield organisations from approximately 80% of common cyber threats.  Implementing just five of the controls correctly will instantly help to protect your business.

How does it all work?

When you sign up, you need to verify that your IT is suitably secure and meets the standards that the Cyber Essentials scheme has set.

Evidence must be given to prove that your company does meet these requirements and some businesses may have to invest in additional IT solutions and systems in order for them to gain the Certification.

There's a Cyber Essentials self-assessment, which offers protection against the most common cyber threats. Providing that you have the in-house skills to understand the questionnaire and put the necessary changes in place, this is a really simple way of obtaining the Certification. It costs around £300.

Meanwhile, the Plus package is verified by a Certification Body. It goes a bit deeper than the basic self-assessment.

What's good about Cyber Essentials is that they allow you to buy as much or as little as you need.

How is Cyber Essentials beneficial to businesses?

Firstly, if we were all a little more aware of the increasing number of security risks and breaches out there, as well as the basic steps and procedures to mitigate this, it would be a lot harder for businesses to be caught out.

From a business perspective, the Cyber Essentials Certification can reassure your customers that you are serious about their data security. Of course, this can also result in you attracting new business because - with the Cyber Essentials badge - you are demonstrating that you are proactively taking measures to boost your business' cybersecurity.

In my opinion, the clever way the Cyber Essentials checklist is set out really helps. Although I would not recommend taking the tick-box approach, it certainly allows you to have a clearer understanding of the steps needed to ensure your business stays secure.

Can you tell us about your experience with Cyber Essentials?

The Directors of a local firm wanted to work towards gaining the Certification.

I sat down with them to discuss how their business worked and what current IT systems they had in place. We then went through the list, one item at a time, to see how secure the company already was.

From here, we could see what areas still needed a bit of work. We tackled the straightforward tasks first and then went onto the more trickier tasks.

I helped them to develop specific processes and refine their IT strategy so it not only clearly aligned with Cyber Essentials but also created a better outcome for their staff and clients.

Can businesses work through Cyber Essentials on their own, or do they have to bring in an IT expert?

By all means, do it yourself, but I think it’s about being able to understand the questions fully and implement them in the most effective way possible.

What we found was that many of the requirements could be easily met by using their existing equipment, but, without an IT Consultant to hand, the team may not have realised this and wasted money on unnecessary technology.

By hiring a consultant like myself, you benefit from the years of experience we’ve had refining and researching the best systems and processes for our clients.

What advice would you give a company that was considering Cyber Essentials?

Whilst easy-to-follow, the Cyber Essentials Certification may seem a bit daunting at first. But, what I will say is that it’s not about being completely perfect. You don’t have to meet every single requirement, if you can justify and show that you are thinking carefully about cybersecurity and implementing the right strategies to reduce your risk of attack.

You can find out more about Cyber Essentials here.

Meanwhile, discover more about Just Gilbey Ltd on their website.