Cyber Essentials is a UK government backed certification showing that your organisation meets a minimum level of good security practice. Most of these things, if you are a client of CenCom we will be doing for you but the certification is a requirement for any contract with the government and the practices it embeds in your organisation just make sense. You can read the government summery here
Criminals are after your data, either because it can be used to gain your customers or your money, they can alter it and hold it to ransom or use information to extort money from you. As users legitemate users demand more remote access to systems and as companies put in place fast internet connections and linked IT systems to make this possible things are left behind. These are not technical in nature or complicated to put in place but they do require thought, communication and a level of threat awareness.
Use policies, it is common for small businesses not to think about the policies of how the users interact with IT, you give them a computer and a username password and email when they start, surely the employee will just use it inthe best way, you would not need to tell then they should not put all their data on an uncrypted USB key and take it in their pocket on public transport every day? – well CenCom has had users do exactly this and think it is perfectly normal and OK becuase no-one ever told them not to.
User joining and retirement policies, Do you check they do not have any data on any personal equipment such as phones and tablets, How long after they have left do you have their account retired? Do they know any other users passwords? these are all questions that you need to understand. More than that your clients want to understand the answer to those questions.
Cyber Essentials helps by a process of checking and answering all these questions within best practice and then certifying that you have the correct practice in place. Once you have certification you can publish the seal on your company literature.
CenCom Solutions recommends all organisations achieve at least Cyber Essentials for piece of mind, those who hold more sensative client data or information should think about the Cyber Essentials Plus scheme and perhaps looking into CenCom Solutions Data Risk Analycis including PCI testing.
If you would like to look into getting Cyber Essentials then please contact us through the form below