Getting started with Cyber Essentials

Cyber Essentials certification can help protect your business from 80% of common cyber attacks. We look at why it is so important – and how you can get started.

Why is cyber security so important to small businesses?

Cyber security is extremely important to small businesses – just look at the WannaCry attack last year.

WannaCry became headline news primarily due to its impact on the NHS. The healthcare sector was crippled and staff lost hundreds of hours trying to fix the countless appointments that were lost. WannaCry was also a big headline grabber due to its global scale and connection to North Korea.

However, that is not the full story. 150 countries were attacked, with a whole host of different businesses, many of them small enterprises, being affected. The key point was that these businesses were not prepared for this type of attack. The main difference between the NHS and a micro business in this situation is that bigger organisations have the budget to handle the fallout from a cyber attack. WannaCry put cyber security, especially in small businesses, in the spotlight.

Cyber crime is not just a financial burden, though. Micro businesses often have no more than a handful of people working in the office, who might be forced to devote precious working, management and technical support time to dealing with an attack – and that too can have a big impact on the bottom line.

Smaller, low-profile cyber attacks against small businesses happen every single day.


What types of attack should a small business look out for?

WannaCry is an infamous example of a ransomware attack, one where the victim must pay a fee to unlock their data or prevent its publication. The WannaCry attackers demanded to be paid in bitcoin – a form of electronic cash known as cryptocurrency.

More recently, British Airways suffered a cyber breach on its website and mobile app with over 380,000 customers affected. Attacks like this can ruin the relationship between a business and its customers.

There are all sorts of different attacks to look out for, one of which is phishing. This is when a user receives an email from an attacker who is claiming to be another individual. The attacker will be looking to get hold of the user’s login details.

Often the attacker falsely claims to be from a well-known company. If you get an unsolicited email, think twice about why you are receiving that email. Anti-virus software should be helpful in tackling this kind of attack.


What other basic things can a small business do to reduce the risk of online threat?

Small businesses can learn from the mistakes of more experienced organisations and individuals. Our Cyber team previously looked at MPs who shared their login details and passwords with members of staff and other employees. This is an absolute cyber security ‘no-no’.

The shocking thing about this is that these MPs appeared to be extremely blasé about sharing their passwords when having a strong, secure password would seem to be such an obvious good practice. The reality is that many businesses and organisations are not as secure as you might think.

It is still extremely common for businesses to use ‘password’ for their password, which makes them incredibly vulnerable to attackers. If you want more information on how to create a secure password, you can Google “the fifty most obvious passwords” or “the most hacked passwords”.

The Government recommends that users combine three unrelated words into a single password as this will provide greater security. You should also update your passwords regularly.


How can Cyber Essentials help small businesses achieve their cyber security goals?

There are many benefits to becoming Cyber Essentials certified.

Firstly, a business and its customers will be better protected against attacks – organisations will become cyber secure against 80% of common cyber security threats and will be on their way towards complying with GDPR, which came into effect in May 2018. Cyber Essentials does not completely set you up for compliance with this important new regulation, but it will contribute to you getting there.

Secondly, Cyber Essentials will protect a business from data theft, which can be extremely costly for small enterprises. Businesses can save significantly in both money and time simply by being more efficient in their cyber security.

Another important aspect of Cyber Essentials certification lies in winning contracts. Perhaps your micro business wants to win work with the MOD. Currently, MOD suppliers must have this certification to win lucrative new work with the Department.

When you are tendering, your cyber security is an area that both the private and public sector will pay close attention to. Organisations that are sharing their data will not want to be involved with other businesses that are vulnerable to cyber attacks.

While the MOD and central government mandate Cyber Essentials certification, other public bodies don’t. However, as time goes on, it is likely that this will change. It is better to be prepared for that situation than to bury your head in the sand.


What package is most suited for micro businesses and sole traders?

There are three separate packages available.


First, there is the base-level package, which costs £300 (excluding VAT). This package allows users to go through the Cyber Essentials process, filling in the self-assessment questionnaire. Customers must pass all the sections to become Cyber Essentials certified.


We also offer Cyber Essentials Plus, which costs £2500 (excluding VAT). This includes an on-site visit from our team, where we will look at an organisation’s cyber security processes in depth and help them to improve in areas where they may be vulnerable.


The first two options are likely to be the most suitable for small and micro businesses. If you are a micro business getting started and not in a great hurry to achieve certification, it would probably make more sense to choose the first option as this is likely to be all that is required for low-value tenders. Make sure you have this in place, though, as it could help you to win contracts.


How can a business get started with Cyber Essentials?

The scheme summary and sample self-assessment questionnaire are valuable resources. We would recommend that you download both in preparation for certification.

The scheme summary will give you an overview of Cyber Essentials which is ideal for beginners. The summary will tell you what Cyber Essentials certification is and why your business may need it.

Inside the summary you will find out what the five key controls of Cyber Essentials are and why they are important.

Before you start your certification process, download the sample self-assessment questionnaire. You will then have the right information to hand when you purchase Cyber Essentials.