CYBER ESSENTIALS – WHAT’S IN IT FOR UK BUSINESSES

By Alan Calder, founder and executive chairman of IT Governance

The problem with security infrastructure is that we only pay attention when it fails.

In November 1979, the Soviet Union launched over 2000 intercontinental ballistic missiles at the United States, an overwhelming first strike intended to wipe the country off the map. Hawkish National Security Advisor Zbigniew Brzezinski was on his way to awaken President Carter so that the counterstrike could be launched, when the news came through – a triple check had revealed that the apparent Soviet launch shown on their screens was actually a computer error.

Fortunately, somebody had put a sensible security measure in place – triple checking – and prevented a disaster. Do we remember the men who prevented world war three that day? Of course not – but everybody knows about the world wars that we didn’t prevent.

A cyber security failure can destroy your business

Cyber security is not very different: a failure can destroy your business, but we rarely give credit to the system when it protects us, and all too often the subject is entirely ignored until after a successful attack. Executives generally prefer to focus on other areas – sales, finance, innovation, and so on – often ignoring IT security. What few realise is that IT security has to be addressed at every level and across all business departments – it cannot be separated from the business, but must be truly integrated. The responsibility for making this happen lies with the board.

If you are an executive, it is your legal and moral obligation to make sure that your business is properly protected against cyber crime. You wouldn’t dream of letting strangers wander through your office, going through sensitive company data – this is common sense that applies equally in the digital and physical realms.

Cyber Essentials – implementation is easy

The UK Government is aware, however, that many organisations are still not taking the digital threat seriously enough. Their response is the new Cyber Essentials scheme, which is an effort to meet the first responsibility of any government: to protect its citizens. In this case, they want to prevent fraud and theft by ensuring that data is kept safe.

Cyber Essentials is suitable for small, medium and large organisations across the UK, and will ensure that they have basic cyber security systems in place to counter the most common attacks: phishing, which exploits user credulity to infect systems with malware, and hacking, where attackers exploit known vulnerabilities in systems using tools that are readily available on the Internet. The more organisations that sign up, the safer and more attractive the UK will be as a place to do business.

In our new pocket guide on the subject, I outline the five controls that make up the scheme. Most organisations already have some or all of these security measures in place:

  1. Boundary firewalls and Internet gateways must be used to protect the integrity of the system.
  2. Computers and devices must be properly configured for security.
  3. Access privileges for users must be properly controlled.
  4. Malware protection (e.g. antivirus software) must be in place.
  5. Software patches must be installed on release to ensure that the organisation is protected when security issues and vulnerabilities are repaired by the vendor.

Make no mistake, implementing these controls will not solve all your cyber security problems – a more thorough approach like ISO27001 will give better protection – but there are a number of crucial advantages to becoming compliant with the scheme. For a start, it will defend you against the automated, untargeted attacks that make up the majority of cyber crime. With the average cost of a data breach in the UK at over £2 million, stopping just one successful attack could cover the cost of implementing Cyber Essentials several times over. What’s more, it can also prevent damage to your reputation – it is extremely embarrassing to be exposed as the victim of low-tech cyber attackers. From 1 October, the UK Government is also restricting the bidding on certain contracts to those with an official Cyber Essentials certification, which provides a further incentive for organisations to get involved.

Certification can give organisations an advantage over competitors, helping to demonstrate to potential customers that they are more committed to securing valuable data. Many organisations have already been certified – Barclays Bank was the first major organisation to achieve this – and IT Governance recently helped Vodafone to get their badge, so it is also a question of whether your organisation can afford to be left behind.

Compliance is a simple and inexpensive process

Getting certified to Cyber Essentials is a simple and inexpensive process, developed in collaboration with the Information Security Forum (ISF), the Information Assurance for Small and Medium Enterprises Consortium (IASME) and the British Standards Institution (BSI) to ensure that any organisation – whether SME or multinational – is capable of achieving it. The involvement of an experienced cyber security company will significantly facilitate compliance – especially if the vendor is also an accredited certification body like IT Governance – as their experts can explain the entire process all the way through to full certification. The certification process itself involves a self-assessment questionnaire and an external vulnerability scan. For Cyber Essentials Plus – the advanced level of certification – a more detailed internal check of your information security infrastructure is also necessary.

This raft of benefits means that the scheme is not just about ticking a box to win the odd government contract, however lucrative. It is also about taking steps to save your business from the untold financial costs and reputational damage that result from a breach – steps that might also save your career from taking the same unfortunate turn as that of the CEO of Target.

In short, obtaining certification could be one of the best investments you ever make. Don’t let your business suffer from the common management perception of security systems – you may never know just how many disasters Cyber Essentials has saved you from, but, with the current rise in aggressive cyber attacks, you can be sure that it is worth your attention.

Alan Calder is founder and executive chairman of IT Governance, the global provider of integrated cyber security products and services, and the author of ‘IT Governance: An International Guide to Data Security and ISO27001/ISO27002’, and the recently released ‘Cyber Essentials – A Pocket Guide’.

www.itgovernance.co.uk

tel: +44 (0) 8450 701750
