Leaving the EU Was Hard, Securing your Data with Cyber Essentials Isn't

In January 2022, the British National Cyber Security Centre (NCSC) urged UK organisations to strengthen their cybersecurity defences, due to tensions between Russia and Ukraine.

At the time it was feared that if a military conflict broke out, UK organisations may be targeted in Cyber-attacks like those that crippled Estonia for three weeks in 2007.

Surely they must have had a crystal ball.

The NCSC also advised UK organisations to take specific actions to prepare for such an event.

Today things are much worse than they were in 2022.

It wasn't long ago that Cyber Security was mostly about protecting an organisation from hackers and criminals, after all, you'd hardly expect your friendly neighbourly government to hack you.

Um, let's just forget Angela Merkel's phone for now 😏

But that has all changed.

It's a sad fact that more people are talking about Cyber Warfare now, than Cyber Defence.

Make War, not Peace

As we are now in the middle of two nasty wars, governments and regimes all over the planet are hacking each other.

The internet is rapidly being weaponised.

In hindsight, that's not surprising, given that the Internet started out as a DARPA project.

We should have seen it coming.

I guess that's why we see so many critical vulnerabilities being exploited on internet-facing devices these days.

The key point is that many Cyber Attacks can be prevented or their effects mitigated, using a few key principles.

What are those principles?

To find out, look no further than the UK Cyber Security standard called Cyber Essentials.

Cyber Essentials

In case you don't know, the British Cyber Essentials program is a government-backed, industry-supported scheme designed to help UK organisations of all sizes protect themselves against a whole range of the most common Cyber-attacks.

Introduced to ensure a basic level of Cyber hygiene for businesses and organisations, the program outlines five critical technical controls:

• Secure internet firewalls
• Secure configuration of devices and software
• Access control
• Malware protection
• Device and software updates

It's not rocket science.

Here's the thing, you don't need to be British to use the same tried and tested methods to dramatically improve your Cyber Security.

And you don't need to follow any special framework or be audited to do so.

But if you have millions to spend then you can use the same principles with ISO27000 or any other framework you want.

And yes it's true that in a small office, you may have just a single SoHo firewall with two security zones, and in an enterprise, you may have scores of firewalls.

But the principles remain the same.

If you are a UK Organisation

If you are a UK-based organisation, achieving Cyber Essentials certification not only boosts your defences but also serves as a badge of trust, demonstrating to customers, investors, and other stakeholders that you are serious about cybersecurity.

The process of certification is straightforward.

Certification Levels and Costs

Cyber Essentials offers two certification levels:

• Self-Assessment: Starting at £300 + VAT, organisations complete an online questionnaire, detailing their system configurations for review.
• Cyber Essentials Plus: Requires an on-site audit by a certification body, with costs varying based on the organisation's size and complexity. This level provides a deeper verification of an organisation's Cyber security measures.

Benefits of Certification

Achieving Cyber Essentials certification signals a commitment to Cyber security, offering benefits like enhanced protection against common Cyber threats, eligibility for free Cyber insurance for UK businesses with a turnover under £20 million, and fulfilling requirements for certain government contracts.

Achieving Certification

Organisations looking to certify should:

• Utilise the NCSC's readiness toolkit for guidance
• Familiarise themselves with the detailed security requirements
• Address any security gaps or required improvements
• Select an experienced Cyber Essentials certification body
• Submit the self-assessment questionnaire after paying the fee

Conclusion

Cyber Essentials is far from a mere formality; it's a strategic investment in your organisation's Cyber resilience.

With potential savings in the face of Cyber threats and eligibility for significant Cyber insurance, it's a foundational step towards safeguarding your digital environment.