Protecting your business against constantly emerging cyber security threats is an ongoing task, not just a one-off project.
Research shows that 43% of cyberattacks are aimed at small businesses. Regardless of your size, what sector you are in or how sensitive the data is that you process, the cost and disruption from a data breach, ransomware attack or other malicious activity could be substantial to your organisation.
A well-thought-out strategy for tackling information security threats is crucial. This should include an information security policy, end user awareness training, annual IT security audits/risk register review and clearly defined accountability for information security in your organisation.
Labyrinth have been contracted on an ad-hoc basis to deal with cyber security incidents that have cost small businesses tens of thousands of pounds. In every case we have dealt with, the attacks could have easily been prevented with relatively low-cost cyber security controls – particularly when weighed up against the financial loss the businesses suffered through the attacks.
In most of our Outsourced IT Support service plans we include annual IT risk assessments, routine security audits, security incident management, disaster recovery and strategy reviews. We also provide all of these services on an ad-hoc basis and can work alongside your in-house teams.
Our cyber security expertise is backed up by our own ISO 27001 and Cyber Essentials accreditations, which we have held for a number of years.
It is possible to get from application to Cyber Essentials certification within a day or two, but this depends entirely on your current cyber security profile and ability to address the points raised during the process. In reality, most organisations take around 14 days from application to complete the assessment and receive certification. Because of the need to achieve a higher level of assurance, as well as the need to arrange the internal security assessment and external scan, this process of becoming Cyber Essentials certificated will usually take longer than 14 days.
Yes. Labyrinth Technology are trained and licensed to deliver Cyber Essentials and Cyber Essentials Plus certifications, and only the organisations that are licensed to do so can conduct assessments.
For the lower certification, organisations complete a self-assessment questionnaire which is then signed off by the appropriate signatory within the organisation. This is then verified by an independent party, such as Labyrinth Technology, that is trained and licensed to certify against the government’s scheme. Cyber Essentials Plus requires a technical audit of specific systems, and provides a more advanced level of assurance. There is also the requirement to pass an on-site assessment, an internal vulnerability scan and an external vulnerability scan, all conducted by the certification body.
The primary reason to attain Cyber Essentials certificated status is to demonstrate to your clients, prospects and partners that your organisation takes cyber security seriously, and that you have taken steps to secure your in-house IT while keeping the approach simple and the costs low. If your firm has the Cyber Essentials certification it will be protected against approximately 80% of common cyber attacks, allowing you to focus on your core business objectives. And if that objective is to source new clients, particularly larger clients that take third-party risks seriously, this independent verification of your cyber security approach offers tangible proof that you will not pose any threat during digital interactions. Furthermore, if you want to apply for government contracts, Cyber Essentials certification is likely to be a mandatory requirement, and the Ministry of Defence now mandates that Cyber Essentials is a requirement, not just for all its new suppliers, but for their relevant supply chains also.
Cyber Essentials is an effective scheme, backed by the UK government, designed to help organisations of all sizes follow a path to protect themselves against a range of the most common and current cyber security threats. It also demonstrates the commitment of an organisation to cyber security. There are 2 levels of certification: Cyber Essentials and Cyber Essentials Plus. It should be noted that many government contracts would require a supplier to have a Cyber Essentials certification.