Earlier this month Rowe IT gained its Cyber Essential Plus certificate. This is a government backed scheme aimed at preventing cyber attacks (https://www.gov.uk/government/publications/cyber-essentials-scheme-overview). With one in four businesses reporting a cyber breach or attack in the last 12 months, ignoring the threat would have been foolish.
With the launch of the National Cyber Security Centre in February, cyber awareness is on the increase. Indeed, cyber security has almost become trendy and there are many phrases and courses being bandied about. We chose to pursue Cyber Essentials as it is a government recognised scheme which will ensure solid cyber protection when it’s requirements are followed.
As an IT company, it is very easy to think you have it all covered and to be honest, we weren’t too shabby. However, it was still an excellent learning experience which re-enforced the importance of always keeping five key areas up to date; boundary firewalls, secure configuration, access control including management of administrative privilege, malware protection and patch management. This flows nicely into our Information Security Management System and provides information security assurance to our customers.
So are we safe? Being aware will help to minimise the risk of attack and more importantly maintain the safety of our data. Cyber Essentials does not cover everything and further strategies were required but it did provide a solid set of controls from which to build.