Why Cyber Essentials matters especially for professional services firms

Cyber Essentials is a government-backed initiative that, once you’ve achieved certification, demonstrates that your business has good cyber security practices in place and that you take cyber security seriously.

This matters for professional service firms, such as solicitors, accountants, consultants and architects, because they are knowledge-based businesses, built almost entirely around data, including both client information and company confidential information. Most importantly, that information must be kept secure.

Clients are trusting you to maintain the security of their personal information, which you are storing and processing as part of your business operations. You are responsible for the security of that data, and a fine for a data breach could be brand-damaging as well as financially damaging. 

Think about all those hours spent by you and your staff, writing, analysing, reviewing and creating information. The loss of that work would be equally damaging to your business.  

Therefore, cyber security matters for any business, especially firms offering professional services. So, acquiring a Cyber Essentials certification ensures that you have in place at least the foundations of strong cyber security defences. Also, professional bodies such as the Law Society often recommend Cyber Essentials as a good starting place.  

Cyber Essentials is good for business 

By going through the process of gaining certification, you will gain a greater understanding of your own cyber security position. You will then also know what needs to be done to strengthen your defences against online attacks.

Cyber Essentials helps protect your business against common threats. Nothing can stop all attacks, but by achieving certification, you’ve demonstrated that you have tactics in place to reduce the risk of attack. 

It shows that you take cyber security seriously, which will build customers’ trust in your business. By putting the certification badge on your website, potential customers will be reassured that you take the integrity of their data seriously, before they’ve even approached you. 

It supports good practice; some cyber security insurers require that you have Cyber Essentials in place before they will insure your business. Also, in the event of a data breach, it will demonstrate to the ICO that you had the right controls in place, which could reduce any fine. 

Your customers, especially if they are large organisations or government departments, may require that you have Cyber Essentials in place in order to become a supplier. 

And finally, Cyber Essentials gives you peace of mind that your business will be protected against most of the common cyber-attacks. 

How to become Cyber Essentials certified 

There are two levels of certification: Cyber Essentials, which is self-assessed, and Cyber Essentials Plus, which includes some additional tests run by an external assessor. Each needs to be renewed annually. 

You can certainly go through the process yourself, but it is probably more efficient to ask for expert help from a cyber security consultancy. They will understand the terminology of the questions being asked and the purpose behind the questions, enabling them to help you find the right answers. 

You could start by stepping through the Cyber Essentials readiness questions so that you understand your current position, and what you need to do to meet the requirements. 

It is important, though, not to regard achieving Cyber Essentials as a tick-box exercise. While it is a great way to get started, it should not be seen as an isolated project, but should be embedded in a wider cyber security strategy for your business. 

Understanding the reasons why the elements of Cyber Essentials are important, and implementing them in such a way that your organisational culture, your policies and your procedures support the requirements, will go a long way to strengthen your cyber security defences.

If you’d like some help with achieving Cyber Essentials or Cyber Essentials Plus for your business, or have any other questions about cyber security for your business, then please contact the Click and Protect team here or give us a call on 0113 733 6250.