It can’t have escaped your notice that cyber attacks are reaching epidemic levels. High profile hacks on company networks and web sites continue to make the news. As we wrote in a previous article, motives vary. Hackers may be opportunist – looking for a particular vulnerability in hardware and software to exploit or targeted – with a specific reason to attack your network by any method. Damage isn’t limited to data loss. Web sites can be used to silently distribute malware or be defaced, you might face claims under data protection laws and have your reputation damaged.
It is therefore vital that companies of all sizes take cyber resilience seriously, and the final initiative by the Digital Scotland Business Excellence Partnership (DSBEP) aims to help SMEs tackle the problem.
They have made available a Cyber Resilience Voucher which is an award of up to £1,500 to secure the services of an industry expert to help them with their cyber security strategy.
“All citizens and businesses are a potential target of an attack, particularly if they do not take some simple precautionary measures to protect themselves. Any company that relies on computerised systems for payroll, marketing via social media or a website, booking systems, databases of customer details including payment details and/or any Intellectual Property or Patent information that could be of value.”
– Digital Scotland
The Cyber Resiliance Voucher is available to any SME sized business based in Scotland and V.A.T registered. It will help you get through Cyber Essentials certification which is a Government and Industry backed initiative to protect business from the growing threat from Phishing and Hacking attacks.
It provides sound measures of protection against the main internet threats, and certification to demonstrate to customers, investors, insurers and other stakeholders that you have taken appropriate measures to protect your business from these contemporary threats. It is a requirement for all businesses in the Government Defence contract supply chain and this is likely to be expanded to other sectors in 2016.
How to get Cyber Essentials certification
The requirements for CE certification are set out in the Cyber Essentials Requirements document. Most SMEs without in house technical expertise will need assistance in complying with these requirements which fall into these areas:
- Boundary firewalls and internet gateways – preventing unauthorised access to your network.
- Secure configuration – out of the box, computers are not configured to be secure. Additional controls “harden” the system against attack.
- Access control – ensuring only those who should have access to systems to have access and at the appropriate level to limit damage from any attack.
- Malware protection – ensuring that virus and malware protection is installed, works in all situations and is up to date.
- Patch management – ensuring that every application on every system is up to date and all the necessary patches supplied by the vendor been applied.
If you are in Scotland first speak to your Business Gateway advisor and complete this application form for a Cyber Resiliance grant. If you are outside Scotland, contact us about starting the Cyber Essentials certification process as soon as possible. We’ll visit your office, complete a security audit, help you develop your security policies, improve cyber resiliance and complete your Cyber Essentials application.
“There are two types of companies in the world: those that know they’ve been hacked, and those that don’t.”
– Misha Glenny, British journalist and author, specialising in crime and cyber crime.