INDUSTRYNEWS • 11
PROUD SPONSORS
OF THIS PAGE
Cyber
security
breaches:
WHEN
not IF
» » CYBER SECURITY HAS BECOME A
fundamental component of business
operations. As cyber criminals get more
sophisticated and threats continue to
evolve it is vital that companies invest
in security policies, procedures and
products regardless of size, market or
location.
Small and medium-sized enterprises
(SMEs) are as much at risk from data
breaches as large organisations.
According to the Cyber Security
Breaches Survey 2018, 42% of small
businesses identified at least one breach
or attack in the last 12 months.
However, it is not an insurmountable
problem and SMEs can protect
themselves against common cyber-
attacks by undertaking a certification
process. Cyber Essentials is a
government and industry backed
scheme to help all organisations
protect themselves against common
cyber-attacks. In collaboration with
Information Assurance for Small and
Medium Enterprises (IAMSE) they
have set out basic technical controls for
organisations to use which is annually
assessed.
Here are four reasons to get certified:
MITIGATE CYBER RISKS
Whilst no security strategy can stop
100% of attacks, the aim is to mitigate the
risk as much as possible. The majority
of attacks exploit basic weaknesses in IT
systems and software, and these can be
quite straightforward to defend against.
The Cyber Essentials scheme aims to
provide businesses with a strong base
from which to reduce the risk from these
prevalent cyber-attacks.
IDENTIFY WEAK SECURITY LINKS
IN YOUR SUPPLY CHAIN
As the saying goes, you are only as strong
as your weakest link and this is especially
true when dealing with third parties that
are outside of your domain of control. The
2017 Data Risk in the Third-Party Ecosystem
study found that 56% of respondent
organisations had been affected by a third-
party data breach, up from 49% the previous
year. This should be a major concern to
any organisation as GDPR makes it clear
that organisations are accountable for data
breaches caused by any third-party service
providers they appoint to handle data.
By using a third party that has achieved
certification via a scheme such as Cyber
Essentials or IASME governance standard,
organisations can show that they have taken
steps to conduct due diligence within its
supply chain.
SHOW COMMITMENT TO
CYBER SECURITY
By displaying the Cyber Essentials
badge on its website, an SME can
demonstrate to customers, partners and
investors their commitment to cyber
security. This is particularly beneficial for
organisations that are storing personal
information on customers and employees,
or hosting commercially sensitive
data. Through certification, SMEs can
proactively provide sufficient guarantees
that regulatory requirements will be met
and the rights of data subjects protected.
COMPETITIVE ADVANTAGE
Improving cyber security within its supply
chain is a priority for UK Government. It has
decreed that suppliers must be compliant
with the Cyber Essentials scheme in order to
LOCKSMITHJOURNAL.CO.UK | JAN/FEB 2019
bid for contracts which involve the handling
of sensitive information and the provision
of certain technical services. However,
Cyber Essentials presents a competitive
advantage to certified SMEs when
competing for all business or tendering for
public sector proposals as they will be able
to demonstrate their security credentials
and their diligence towards defending the
integrity of their customers’ data.
Certification has many benefits; it
ensures standardisation within the supply
chain and is a good differentiator for
SMEs who provide services as it shows
a diligence to information security. The
UK National Cyber Security Centre has
taken a leadership role in providing
the technical expertise for the Cyber
Essentials scheme, which ensures that it
encompasses the county’s best technical
insight and experience. Cyber Essentials
certification can help SMEs implement
strong, cyber security hygiene practices
and benefit from the new digital world.
ABOUT CYSURE
CySure is a cyber security company
founded by experts with extensive
experience in operational and risk
management. The company has offices in
London (UK) and California (USA) and
CySure’s flagship solution – Virtual Online
Security Officer (VOSO) is an information
security management system (ISMS)
that incorporates GDPR, US NIST and
UK CE cyber security standards to guide
organisations through complex, emerging
safety procedures and protocols, improve
their online security and reduce the risk of
cyber threats.
www.cysure.net