- Case Studies
- About Us
With Principality Consulting’s skills; the specialist resources available as CompTIA members; and a strong track record in providing IT advice to SMEs it’s not surprising we hold the forward thinking, Cyber Essentials accreditation. It provides a firm foundation for our portfolio of IT Security Services.
Cyber Essentials is designed to help the SME community to improve their digital security, from a single person company up to a company employing 250 people.
A malicious cyberattack can be especially devastating to a small business. Not only damaging reputation, but also risking financial penalties – the maximum fine for breaching the Data Protection Act is £500,000 – which could by itself put them out of business. Plus the cost of time lost mitigating the damage.
Digital security is in the news. There are frequent reports of companies being hit by the latest “virus”, known as Ransomware, which can be crippling for a business. Ransomware is particularly destructive, as once it’s on to your computer, it will encrypt all data. Anything that the computer can access is under threat. Imagine of all of your quotes, invoices, timesheets, customer data, personnel records, etc. was suddenly, and without warning, unavailable. Even data in cloud services like Dropbox or OneDrive. If you don’t have a backup, then the only usual way to regain your data is to pay the ransom in the hope that you will get a key to unlock your data which will work. It may not, and you will have lost hundreds of pounds as well as your data.
It’s not all bad news as there are defences to protect your business from such threats, but it does mean that you need to take some proactive steps. Cyber Essentials will help you with those proactive steps.
There are many ways that you can organise things to reduce the risk of getting hit by Ransomware or another digital attack, but one of the best is the UK Government’s Cyber Essentials scheme It’s an open standard with a number of certifying bodies that can give you a certificate to say that you comply to the standard, and it’s a certificate which public sector buyers increasingly mandate.
Cyber Essentials certification also reduces insurance premiums. A government report in March 2015 found that the majority of insurers believe “ that Cyber Essentials would provide a valuable signal of reduced risk when underwriting cyber insurance for SMEs.
Even if you don’t contract with the government, you could be a subcontractor which will also need to comply. Whilst these mandatory requirements may be one reason to get the Cyber Essentials certificate, the biggest reason is to ensure that all of your digital information is safe from Cyber Attack. These attacks are automated, and target nobody. The architects of the attacks spread their malicious payloads by various means, from infecting an otherwise useful web site to sending millions of emails to every email address that they know. Have you had a spam email? Then you have been sent an email which could potentially have been generated by Cyber Attack.
The Cyber Essentials scheme gives a framework to ensure that various aspects of your digital business comply with best practice to lower your risk of being caught by a Cyber Attack. There are two levels – the basic Cyber Essentials is a paper exercise which is then audited by an accredited body. The Cyber Essentials Plus scheme additionally tests your answers, so that the certifying body will perform some tests on your infrastructure which will confirm that your measures are adequate.
The scheme is split into sections, addressing:
Ensuring that all of the sections have been addressed will give you the peace of mind that you are doing as much as can be reasonably expected to protect your data. If the worst were to happen, you should be able to recover.
The Cyber Essentials scheme isn’t easy to pass. The list of areas which could be affected by your business is extensive. From Cyber Security training for all of your Users, through to ensuring that data security is a standing item on the board’s agenda. Principality Consulting’s data security consultants will guide your business to give to the best chance of achieving the certification by an independent auditor at the first attempt.