At Infotech we are big fans of Cyber Essentials. This is the government-backed scheme to help businesses reach an acceptable level of cybersecurity.
Getting Cyber Essentials accreditation is great and we would recommend all businesses achieve it but that doesn't mean your work on cybersecurity is finished. If you don't know what Cyber Essentials is or haven't done it yet you can find out all you need to know here.
As great a scheme as Cyber Essentials is it does lack a process for day to day cybersecurity.
It will certainly give you a general overview of the effectiveness of your cybersecurity practices and also give you a framework that helps protect your business. For many businesses that will be extremely important.
But there is still more you can do.
Here are 4 key areas you can look at in your business after you gain Cyber Essentials accreditation
Cybersecurity is always changing so to keep up with it we recommend running vulnerability scans. These will provide you with an up-to-date picture of your security.
Every day thousands of automated attacks are launched. The purpose is to target new vulnerabilities in your system and networks. They continuously probe and probe your defences each day until they can find a way in.
The vulnerability assessment is an extra precaution you can put in place to make sure your business is as secure as possible.
Using a vulnerability assessment gives you a chance to discover and fix any weaknesses before the cybercriminals can find them. The more often you run the assessment the less chance Cybercriminals have to find those weaknesses.
88 per cent of UK data breaches are caused by human error. That places a lot of emphasis on your staff and the role they play with cybersecurity. It's important that they know the best cybersecurity practices, how to spot phishing emails and the role they play in securing the business.
Your staff need to understand the threats that they face and the steps they need to take to prevent any data breaches.
Create policies and procedures to help make things easier for you and your staff. Educating your staff is not a one-time thing though, you will have to continuously update your staff.
Use an independent assessment
When Cyber Essentials is implemented correctly, its controls will prevent about 80% of common cyber attacks. That is a fantastic starting point but you still need to do more.
Cyber Essentials can be done as a self-assessment but for extra peace of mind, you should consider an independent assessment. Running checks and assessments on your business can be daunting, especially if you don't have much experience with it.
Independent assessments will, in almost all cases, find areas of vulnerability that you can then improve on. In the rare case that you are giving a clean bill of health, then you get the peace of mind and the knowledge of knowing what you are doing is working.
Infotech offers our own free IT audit that will review your whole IT infrastructure. The audit will highlight what is working, what is a potential problem and what you need to fix straight away. Find out more information on our free IT audit here.
Stay up to date on Cybersecurity measures
Even if you outsource your IT security you should keep up with the latest news and developments around cybersecurity. It's important to keep up to speed on what the latest cyber threats are and how you can defend yourself.
There is plenty of good information out there you can read. Reading a blog like this one or someone like the IT governance blog is a great place to start. In the same way that just because you are secure today doesn't mean you still will be tomorrow, just because you know the best practices today doesn't mean they will not change in the future.
Cyber Essentials is a great scheme and we can't recommend it enough. However, your Cybersecurity doesn't begin and end with that Cyber Essentials accreditation. There is still plenty you can do, and need to do, to secure your company.
Infotech can manage your whole IT security or at the very least you can use our free IT audit to see what shape your business is in. For more information contact us here, email email@example.com or call us on 01634 52 52 52.