The timing for this Blog on Cyber is very coincidental. In fact, based on the events of 27th March, I have completely rewritten my original words.
So, what happened on 27th
March? Matt Hancock, Minister for Digital and Culture at the Department for Culture, Media and Sport, proclaimed that Government would be announcing a renewed push, starting later this week, to encourage the adoption of ‘Cyber Essentials’. A timely announcement when the Chamber’s manifesto for 2017 encompasses a pledge to encourage local businesses to adopt Cyber Essentials.
‘So’, I hear voices proclaim, ‘why should I be concerned with Cyber Essentials? I’ve not heard of it so it can’t be relevant to me! I have a business to run and haven’t got time for things like cyber, after all, I’m not a target for cyber-attacks!’
Well, if none of your business is online, if you don’t use email, if you don’t have a website, you don’t have computers, laptops or mobiles then you are right, this article isn’t for you.
However, the fact that you’re reading this via an online platform suggests that Cyber Essentials is very relevant. Oh, and if you think you’re not a target and wouldn’t be affected even if you did become an unfortunate victim, this clip
may change your mind!
Put simply, ‘Cyber Essentials’ is a Government backed, industry supported scheme to help organisations protect themselves against common cyber-attacks. It is a Government business certification scheme that first and foremost guides your business down the path to greater cyber protection. As a bonus, it can also help gain and retain business!
As part of Matt Hancock’s overview, he advised ‘As part of the (Government) push, Government will require more contractors to obtain Cyber Essentials. A number of the UK’s largest companies have also agreed to require their suppliers to achieve Cyber Essentials; including Barclays, BT, Vodafone, Astra Zenica, Airbus Defence & Space and Intel Security.’
The stats on cyber breaches are frightening. All show an upward trend which is non-discriminatory as to sector or company size. I hate to shatter illusions, but small and medium companies are not exempt; quite the opposite, they represent the clichéd low handing fruit and also represent an inroad to a supply chain to target the bigger company. The key message there is to look at the security within your supply chain as well as your own business.
The more frightening fact, however, is that although many companies now claim they are aware of cyber risk, few have actually taken any action to mitigate that risk. When one takes into account the inconvenience, time, cost and damage to reputation, how can so many businesses be aware of the risk yet NOT take counter measures?
Well, yes you are a business with limitless pressures competing for the attention of finite resources. Yet if cyber is ignored, then don’t be surprised if further down the line you have no business to look after! Yes, that’s scary, but yes, it is also true as too many businesses can unfortunately testify.
The term ‘cyber’ probably doesn’t help. It conjures up perceptions of complicated, technological and expensive. Yet many solutions such as strong passwords, ‘patching’ or staff awareness campaigns are all free and non-technical, yet can make a significant difference.
Take away the word ‘cyber’ from ‘cyber security’ and you’re left with ‘security’. That is a term we all understand and all practice on a daily basis by locking our doors and ensuing copies of house keys are only left with a few very trusted people.
There are plentiful seminars around the two counties offering free advice on solutions that help improve your cyber protection. The Cyber Essentials Scheme itself helps guide you through some simple yet very effective practices which can make a real difference.
So, who says Cyber Essentials is any good? Let me continue with the words from Matt Hancock from 27th
March, ‘Firstly, for getting the basics right, we (Government) created the Cyber Essentials scheme. GCHQ analysis shows the vast majority of cyber-attacks exploit basic, known vulnerabilities like passwords and admin policies. Cyber Essentials shows you how to address those vulnerabilities. It’s simple, low cost and specifically designed for SME’s. All firms which rely on the internet should have Cyber Essentials – as a minimum.”
If you’d like a more local endorsement the Chamber’s own recently launched manifesto
, under Business Crime, outlines how businesses are one of criminals’ biggest cyber targets. And how does the Chamber pledge to help businesses? By ‘encourag(ing) businesses to obtain Cyber Essentials accreditation.’
Government, the Chamber and many other industry bodies actively encourage Cyber Essentials for a very good reason. The UK is leading the way in a profitable digital economy. For that economy to continue to grow, online operations need to be more secure across the whole business community. The Government backed Cyber Essentials Scheme has a key role to play as it not only makes your business more secure, it can actually win you business and provide a competitive advantage.