Prove your cyber security credentials

In cyber space, everyone can hear you scream!

The consequences of a data breach or other cyber security compromise always become noisily public – well within earshot of your customers, partners and suppliers, not to mention the regulatory authorities.

So how do you convince these critical stakeholders that you have taken appropriate steps to keep your organisation (and, therefore, their dealings with it) secure? How do you not only attain, but also convey, cyber trustworthiness?

The Cyber Essentials and Cyber Essentials Plus certification schemes put a workable, credible tick in both boxes.

Designed and backed by the Government, they work for organisations of all sizes in all sectors, publicly certifying your achievement of cyber security standards that will protect your organisation from the most common internet-based attacks.

Learn More: Get in Touch

 

Certification: what’s at stake?

Cyber Essentials and Essentials Plus certifications are genuinely valuable – and, like all things, if they’re worth having they’ll have a cost in terms of time, effort and money (let’s not pretend they won’t).

The question you have to ask yourself is: what are the consequences for your organisation if you remain uncertified?

This is only partly about the operational and financial damage that your organisation can suffer if hit by a cyber attack. It’s also about the penalties that can be imposed upon you if you cannot demonstrate you have taken reasonable efforts to defend against such an attack – and these can prove very expensive indeed!

 

For example:

•    A small media company was fined £60,000 by the Information Commissioner’s Office (ICO) for failing to take basic steps to stop its website being attacked

•    UK medical insurance company Bupa was fined £175,000 for failing to have effective security measures in place to protect customers’ personal information

•    Multinational credit reference agency Equifax was fined £500,000 for failing to protect the personal information of up to 15 million UK citizens during a cyber attack 

Plus, the arrival of the EU General Data Protection Regulation (GDPR) is only likely to push these fines skyward, as the regulatory authorities start to prosecute not only on the basis of the actual proven abuse of personal data, but on the basis of the security failings that unintentionally facilitate it.

Learn More: Get in Touch

 

Cyber Essentials / Essentials Plus: key benefits

 

•    Save money! Certification is well regarded by insurance providers and can result in significantly lower premiums 

•    Reduce cyber- and data risk Certification focuses on five controls that can help prevent some 80% of cyber attacks
 
•    Gain competitive advantage Certification can enable you to bid for UK Government contracts that your non-certified competitors cannot

•    Enhance reputation and trustworthiness Certification demonstrates to investors, clients, suppliers and regulators that you have taken responsible measures to reduce cyber risks

 

What does certification involve?

Both certifications are focused on five security controls:


1.    Boundary firewalls and Internet Gateways
2.    Secure Configuration
3.    User Access Control
4.    Malware Protection.
5.    Patch Management.

Cyber Essentials is a guided self-assessment process that is validated by our appointed assessor, who will work with you to obtain clarifications and propose changes if necessary. Talk to us about Cyber Essentials
 

Cyber Essentials Plus takes the assessment several stages further, including independent testing and verification and a vulnerability assessment of your internal infrastructure (across multiple sites if necessary) to ensure devices are patched, configured securely and protected with appropriate anti-malware. Talk to us about Cyber Essentials Plus

 

Cyber Essentials / Essentials Plus certification is becoming an ever more urgent necessity to not only help you protect your organisation from cyber attack, but to stop you being penalised for a lack of action.

 

Learn More: Get in Touch

News

  • Firesand accepted into Armed Forces Covenant to support service personnel

    Firesand is proud to announce that we have been accepted as a supporting business in the Armed Forces Covenant – an organisation that helps ensure serving personnel, service leavers, veterans, and their families have the access to careers, educ ...
  • Firesand now Cyber Essentials-accredited. Next stop: Certifying Body!

    Firesand is proud to report that we’ve become a Cyber Essentials-accredited business, demonstrating that we have first-hand knowledge of cyber security from the customer perspective - and putting us in a strong position to become, ourselves, a ...
  • Firesand cybersecurity training @ TechUK: places now available!

    TechUK, is hosting Firesand training to enable businesses to learn how to engineer cyber risk management into their solutions from design through to delivery