According to ThoughtLab’s “Cybersecurity Solutions for a Riskier World,” the average number of cyberattacks and data breaches in 2021 increased by 15.1% from the previous year, and a rise in attacks is expected between 2022 and 2023 as hackers get more sophisticated.
Poor IT maintenance, lack of staff education and unknown assets are likely to play a big part in these attacks.
The UK Government’s report on Cyber Security for 2021/2022 found that 39% of UK businesses had suffered some form of attack. In the main, these were phishing attacks but 1 in 5 identified a more sophisticated attack like DoS, ransomware or malware.
If company data is lost, whether through ransomware encryption or a hacked account, it can be costly to retrieve, and the company needs to ensure it has the correct process in place to recover the data quickly.
If a company suffers a data breach and client or confidential information is stolen, this could then be used to extort money or further information from those businesses.
Any data loss where third parties’ data and information may have been compromised must be reported, and this can have a big impact on a company’s reputation, leading to loss of contracts and sales.
It is estimated that 34% of UK businesses who suffer a serious cyber attack are forced to close – some permanently.
82% of data breaches analysed in 2021 involved some sort of human intervention. Making sure that both you and your staff can recognise a potential attack, and can take steps to improve data security and mitigate potential cyber threats, is really important and a big step towards securing your business.
There are several things you can do to help educate staff members and to keep Cyber Security at the forefront of everything they do.
This can include:
Cyber Essentials is a self-assessment which makes sure you have key controls in place to protect your systems and data. Although it is a self-assessment, there is still a lot of work involved in completing the questionnaire and also ensuring that the relevant policies and systems are actually in place and operational.
Cyber Essentials Plus builds on the initial CE certification: a hands-on verification is carried out by an independent certification body to confirm that everything is in place and working correctly.
Obtaining CE and CE+ shows your clients and colleagues that your company takes Cyber Security and their data seriously and that you have measures in place to protect your business against the more common forms of attack.
Many Government and large corporate organisations will also insist on CE+ being in place before you can tender for contracts.
There may not be too much you need to alter to get accredited so long as best practices have been followed during the setup of your systems and there are steps in place to regularly monitor for changes.
The main challenges will probably be around passwords, user accounts and securing cloud services, which now come under the remit of CE and CE Plus.
As a guide (and this is not an exhaustive list!):