In the past, the security of your systems has been an Ad Hoc and evolving job which has become increasingly difficult over the past few years with the dramatic increase in cybercrime.
GDPR
In the past, the security of your systems has been an Ad Hoc and evolving job which has become increasingly difficult over the past few years with the dramatic increase in cybercrime. The big difference going forwards is that GDPR is now making it clear that if you have a data breach then the data protection rules now have a set of teeth and you could face large fines.
Until we see what happens in situations where a company breaches the GDPR recommendations it is impossible to say how well this is going to be enforced but what does seem to be evident is the belief that the ICO will take a very dim view on any company that simply hasn’t bothered, whereas for anyone that has made best efforts, any fines or punishments will reflect this.
The conclusion we have come to is that the best approach to ticking the electronic security box for GDPR is to get your company Cyber Essentials certified. In line with this, Hands On IT have recently done this for ourselves.
You can read our case study on how we worked with our client to achieve their Cyber Essentials Plus certification here.
What is Cyber Essentials?
In an effort to explain Cyber Essentials we would equate it to the MOT on your car. The MOT for your car is not a replacement for the normal servicing and maintenance but goes hand in hand with it. The MOT is a specific set of tests that are carried out to test a cars’ basic road worthiness at a set point in time and while it doesn’t guarantee that a car is not going to have an issue it does show that a basic level of due diligence has been undertaken and a baseline level of safety has been met.
Continuing to use the MOT analogy, if you were unlucky enough to be in an accident then the relevant authorities would check to make sure your MOT was valid and should you not have an MOT then you would be facing a large fine and potentially criminal prosecution.
So as with the MOT, Cyber essentials doesn’t guarantee that you will not be the victim of a cyber-attack but it does reduce the risk and indeed tells the relevant authorities that you have made an effort which clearly puts you in a different light to those people that haven’t.
Cyber Essentials is a government backed scheme and is mandatory for most organisations that want to provide services to the government sector.
Unlike GDPR, Cyber Essentials is something that you can pass and get a certificate for (as with an MOT) and this lasts for one year.
If you wish to investigate Cyber Essentials then everything you need to know can be found here.
Cyber essentials is something that you can do for yourself using the resources available via the above website, so for anyone with their own in-house IT resources and the time, your only cost is going to be the £300 charged for the assessment and the time to do the work.
However, a word of warning! Should you fail the assessment your assessor should give you a few days to reassess the areas that have failed and then reapply, but if you fail after this time then you would have to reapply and pay the £300 fee again.
For companies that want to carry out the majority of the work themselves but need assistance/guidance with particular areas we are happy to either bill for this time as consultancy at your reduced hourly rate or book the time to your support agreement as with any other project.
If you are interested in CE certification but do not have the time or the inclination to do the job then we are able to offer a turnkey service which includes everything you need to take you from where you are now through to full certification including all of the required procedure documents.
If you wish to discuss this service, please contact the team on 020 8649 9911 or email us at info@hoc.co.uk.