Show off your cyber safety credentials

Cyber Security - Has It Clicked?

16 Oct 2015

Would you like an easy way of showing your business can be trusted when it comes to cyber security – and a quick way of spotting which firms also make the grade?

Then sign up for the Cyber Essentials scheme – an initiative launched by the Government as part of its National Cyber Security Strategy in June 2014, which aims to make the UK a safer place to conduct business online.

Force Cyber Crime experts are highlighting the scheme as part of the Cyber Security – Has It Clicked? Campaign, which aims to help businesses and individuals stay safe online.

The Cyber Essentials Scheme identifies the security controls you must have in place within your firm’s IT systems in order to qualify for the accreditation.

Although relevant to firms of all sizes, the scheme also recognises that some small and medium sized enterprises may need more help, guidance and support than larger firms with IT experts on staff.

Insp Rich Osgerby, from the Humberside Cyber Crime team, said the force was considering adopting the scheme itself.

He said: “The scheme is intended to provide a way of showing your customers and partners that you have the basics in place to minimise and mitigate cyber risks, giving them assurance of your integrity in the area.

“It’s also likely that having Cyber Essentials accreditation will become a prerequisite for firms wishing to supply the Government with goods or services.”

The scheme is based around five technical controls.

1)     Ensuring boundary firewalls and internet gateways are correctly set up and secure, protecting private networks from unauthorised access

2)     Making sure the systems are configured in the most secure way for the organisation’s needs.

3)     Controlling access, ensuring all those using the system are authorised to do so and that levels of access are appropriate.

4)     Ensuring that antivirus and malware protection is installed and up to date.

5)     Install all the latest patches supplied by the vendor are applied to keep pace with the latest developments.

As it stands, there are two levels of certification – though further levels are planned for the future.

In order to complete the second level, your firm must firm pass stage one.

Stage one:

Each firm must respond to a questionnaire covering how the organisation complies with the requirements for basic protection from cyber attacks.
This is then sent for review to a body of experts, who also undertaken an external vulnerability assessment on your systems, to test for weaknesses and ensure all the individual controls on your internet-facing network perimeter have been implemented correctly.

Stage two:

This is a more thorough assessment from a certifying body, based on an internal security assessment of your end-user devices. Again, this directly tests your individual controls and looks for weaknesses in your systems.

Find out more about the requirements for Cyber Essentials accreditation and information on how to help prevent your business from falling foul of cyber attacks.

For all the latest on the Has It Clicked? campaign make sure you follow @humberbeat #HasItClicked? on Twitter and visit the Humberside Police Facebook page.