Clearview National March 2019 - Issue 208 | Page 28
CYBERSECURITY
Cyber security breaches: WHEN not IF
Cyber security has become a
fundamental component of business
operations. As cyber criminals get more
sophisticated and threats continue to evolve,
it is vital that companies invest in security
policies, procedures and products regardless of
size, market or location.
Small and medium-sized enterprises (SMEs)
are as much at risk from data breaches as large
organisations. According to the Cyber Security
Breaches Survey 2018, 42% of small businesses
identified at least one breach or attack in the
last 12 months.
However, it is not an insurmountable
problem and SMEs can protect themselves
against common cyber-attacks by undertaking
a certification process. Cyber Essentials is
a government and industry backed scheme
to help all organisations protect themselves
against common cyber-attacks. In collaboration
with Information Assurance for Small and
Medium Enterprises (IASME), they have set out
basic technical controls for organisations to
use, which are assessed annually.
Here are four reasons to get certified:
MITIGATE CYBER RISKS
Whilst no security strategy can stop
100% of attacks, the aim is to mitigate
the risk as much as possible. The majority
of attacks exploit basic weaknesses in IT
systems and software, and these can be quite
straightforward to defend against. The Cyber
Essentials scheme aims to provide businesses
with a strong base from which to reduce the
risk from these prevalent cyber-attacks.
IDENTIFY WEAK SECURITY LINKS IN YOUR SUPPLY CHAIN
As the saying goes, you are only as strong
as your weakest link and this is especially true
when dealing with third parties that are outside
of your domain of control. The 2017 Data Risk
in the Third-Party Ecosystem study found that
56% of respondent organisations had been
affected by a third-party data breach, up from
49% the previous year. This should be a major
concern to any organisation as GDPR makes
it clear that organisations are accountable for
data breaches caused by any third-party service
providers they appoint to handle data.
By using a third party that has achieved
certification via a scheme such as Cyber
Essentials or the IASME governance standard,
organisations can show that they have taken
steps to conduct due diligence within their supply
chain.
SHOW COMMITMENT TO CYBER SECURITY
By displaying the Cyber Essentials badge
on its website, an SME can demonstrate
to customers, partners and investors its
commitment to cyber security. This is
particularly beneficial for organisations that
are storing personal information on customers
and employees, or hosting commercially
sensitive data. Through certification, SMEs can
proactively provide sufficient guarantees that
regulatory requirements will be met and the
rights of data subjects protected.
COMPETITIVE ADVANTAGE
Improving cyber security within its supply
chain is a priority for UK Government. It has
decreed that suppliers must be compliant
with the Cyber Essentials scheme in order to
bid for contracts which involve the handling
of sensitive information and the provision of
certain technical services. However, Cyber
Essentials presents a competitive advantage to
certified SMEs when competing for all business
or tendering for public sector proposals
as they will be able to demonstrate their
security credentials and their diligence towards
defending the integrity of their customers’
data.
Certification has many benefits; it ensures
standardisation within the supply chain and is
a good differentiator for SMEs who provide
services as it shows a diligence to information
security. The UK National Cyber Security
Centre has taken a leadership role in providing
the technical expertise for the Cyber Essentials
scheme, which ensures that it encompasses the
country’s best technical insight and experience.
Cyber Essentials certification can help SMEs
implement strong cyber security hygiene
practices and benefit from the new digital
world.
ABOUT CYSURE
CySure is a cyber security company
founded by experts with extensive experience
in operational and risk management. The
company has offices in London (UK) and
California (USA). CySure’s flagship solution,
Virtual Online Security Officer (VOSO), is
an information security management system
(ISMS) that incorporates GDPR, US NIST
and UK CE cyber security standards to guide
organisations through complex, emerging
safety procedures and protocols, improve
their online security and reduce the risk of
cyber threats.
www.cysure.net