Clearview National April 2019 - Issue 209 | Página 29
PROUD SPONSOR OF THE
CYBER SECURITY FEATURE
CYBERSECURITY
CYBER SECURITY BREACHES: WHEN NOT IF
» » CYBER SECURITY HAS BECOME A
fundamental component of business
operations. As cyber criminals get more
sophisticated and threats continue to evolve
it is vital that companies invest in security
policies, procedures and products regardless of
size, market or location.
Small and medium-sized enterprises (SMEs)
are as much at risk from data breaches as large
organisations. According to the Cyber Security
Breaches Survey 2018, 42% of small businesses
identified at least one breach or attack in the
last 12 months.
However, it is not an insurmountable problem
and SMEs can protect themselves against common
cyber-attacks by undertaking a certification
process. Cyber Essentials is a government and
industry backed scheme to help all organisations
protect themselves against common cyber-attacks.
In collaboration with Information Assurance for
Small and Medium Enterprises (IAMSE) they have
set out basic technical controls for organisations
to use which is annually assessed.
Here are four reasons to get certified:
MITIGATE CYBER RISKS
Whilst no security strategy can stop
100% of attacks, the aim is to mitigate
the risk as much as possible. The majority
of attacks exploit basic weaknesses in IT
systems and software, and these can be quite
straightforward to defend against. The Cyber
Essentials scheme aims to provide businesses
with a strong base from which to reduce the
risk from these prevalent cyber-attacks.
IDENTIFY WEAK SECURITY
LINKS IN YOUR SUPPLY CHAIN
As the saying goes, you are only as strong
as your weakest link and this is especially
true when dealing with third parties that are
outside of your domain of control. The 2017
Data Risk in the Third-Party Ecosystem study
found that 56% of respondent organisations
had been affected by a third-party data breach,
up from 49% the previous year. This should
be a major concern to any organisation as
GDPR makes it clear that organisations are
accountable for data breaches caused by any
third-party service providers they appoint to
handle data.
By using a third party that has achieved
certification via a scheme such as Cyber
Essentials or IASME governance standard,
organisations can show that they have taken
steps to conduct due diligence within its supply
chain.
SHOW COMMITMENT
TO CYBER SECURITY
By displaying the Cyber Essentials badge
on its website, an SME can demonstrate
to customers, partners and investors their
commitment to cyber security. This is
particularly beneficial for organisations that
are storing personal information on customers
and employees, or hosting commercially
sensitive data. Through certification, SMEs can
proactively provide sufficient guarantees that
regulatory requirements will be met and the
rights of data subjects protected.
COMPETITIVE ADVANTAGE
Improving cyber security within its supply
chain is a priority for UK Government. It has
decreed that suppliers must be compliant with
the Cyber Essentials scheme in order to bid for
contracts which involve the handling of sensitive
information and the provision of certain technical
services. However, Cyber Essentials presents a
competitive advantage to certified SMEs when
competing for all business or tendering for
public sector proposals as they will be able to
demonstrate their security credentials and their
diligence towards defending the integrity of their
customers’ data.
Certification has many benefits; it ensures
standardisation within the supply chain and is a
good differentiator for SMEs who provide services
as it shows a diligence to information security.
The UK National Cyber Security Centre has
taken a leadership role in providing the technical
expertise for the Cyber Essentials scheme, which
ensures that it encompasses the county’s best
technical insight and experience. Cyber Essentials
certification can help SMEs implement strong,
cyber security hygiene practices and benefit from
the new digital world.
ABOUT CYSURE - CySure is a
cyber security company founded by
experts with extensive experience
in operational and risk management.
The company has offices in London
(UK) and California (USA) and
CySure’s flagship solution – Virtual
Online Security Officer (VOSO) is
an information security management
system (ISMS) that incorporates GDPR,
US NIST and UK CE cyber security
standards to guide organisations
through complex, emerging safety
procedures and protocols, improve
their online security and reduce
the risk of cyber threats.
www.cysure.net
Call 0113 394 2259/07584 489555, email [email protected] or visit jelf.com
C L E A RV I E W-U K . C O M » A P R 2019 » 29