Simple steps to knowing your Cyber Essentials

Olly Duquemin
Author
Guernsey
4th August 2017
Information Security

Simple steps to knowing your Cyber Essentials

In this month’s Digihub section of Business Brief magazine, Olly Duquemin, Resolution IT’s CEO, sets out some simple steps to greater peace of mind for small and medium sized companies who are concerned with the growing threats of cyber crime.

‘WITH a poll of 500 SMEs by Barclaycard showing that small companies are more worried about the threat of cyber crime than the uncertainty caused by Brexit, it’s not surprising local firms are asking what they can do to protect themselves.

Local businesses we speak to on a regular basis are, rightly, concerned about the disruption and reputational harm that can be caused to them and their clients by criminals targeting their data.

And, bluntly, all organisations are potentially at risk – not just banks and multi-nationals.  Unless they are suitably protected and, more importantly, their staff are educated about the threats, all operations now face this danger.

Today’s cyber criminals don’t just target companies by name or category. They also use sophisticated software from remote jurisdictions to search out weaknesses in any operation because the data they can steal or, in the case of ransomware, block access to, has value which they seek to exploit at your expense.

Fortunately, however, there are steps which everyone can take, from a self-employed plumber to an enterprise scale organisation, and which would have prevented the Wannacry or Petya attacks that so damaged the NHS and others like WPP and Danish shipping and transport firm Maersk.

The scale of the problem is so large that the UK Government has launched Cyber Essentials, part of its strategy to make the UK a safer place to conduct business online.

We and other professional IT providers recommend its adoption to clients because, as the name suggests, it is an essential first step towards safeguarding your business.

We and other professional IT providers recommend its adoption to clients because, as the name suggests, it is an essential first step towards safeguarding your business.

As Government says, ‘The majority of cyber attacks exploit basic weaknesses in your IT systems and software. Cyber Essentials shows you how to address those basics and prevent the most common attacks. The scheme is designed by Government to make it easy for you to protect yourself.’

We certainly agree with that assessment and the steps outlined are so vital that the UK Government won’t deal with suppliers and other providers unless they comply with Cyber Essentials, something expected to become the standard for doing business here.

It’s also worth bearing in mind that had the various NHS Trusts complied with Cyber Essentials, they would not have been running out-of-date or unpatched operating systems. Therefore they would not have fallen victim to the Wannacry threats.

At the heart of Cyber Essentials is a self-assessment questionnaire which enables you to gauge how secure your business is against five technical controls – boundary firewalls and internet gateways, secure configuration, access control, malware protection and patch management.

In addition to this ‘foundation’ level of protection, the Information Assurance for Small and Medium Enterprises (IASME) governance standard recognises companies that take appropriate steps to protect their customers’ data.

Resolution IT, which provides comprehensive IT solutions, support and managed services to a mixed range of businesses and industries across the islands, has passed the independently verified Cyber Essentials assessment and attained the IASME Information Security Standard.

The benefit of this is we are one of the few IT providers who can independently validate the steps you have taken and, as Cyber Essentials and IASME increasingly become industry standards, demonstrate to others that you are safe to do business with.

Businesses can also go one step further and complete the Cyber Essentials Plus certification.  This requires a detailed on-site technical audit where one of the expert accessors ensures you have taken the actions necessary to become cyber secure.

One thing we do highlight, however, is that although Cyber Essentials is initially a DIY process, it does require technical knowledge that businesses without their own IT professionals may not possess.

For that reason, Resolution IT recommends that businesses start their security journey by consulting an appropriately qualified provider. Following that advice then ensures your business becomes cyber compliant in a stress-free and Government-recognised manner.’

Olly Duquemin

As a founding partner of Resolution IT, Olly has been fundamental in growing the business from three to over 75 in the intervening 16 years, including opening offices in Dubai and Jersey. With extensive IT experience and a range of technical qualifications, he is responsible for business strategy and driving the direction and offerings of Resolution IT, including cyber security, digital transformation and cloud solutions.

Committed to making award-winning Resolution IT a great place to work with and for, Olly is passionate about great customer service, making sure his team are seen as trusted advisors who operate as an extension of their clients’ businesses.

Olly is also involved with a number of advisory roles, in particular in the charitable and educational sector and is a supportive presence in making IT an attractive and exciting career proposition for young people.

Career opportunities

If you’re looking for your next career move and seeking opportunities offering professional development, rewards and success, then come and talk to us at Resolution IT.

Ready to begin a partnership with us?

Contact Form

"*" indicates required fields

We'd love to hear from you

Whether you're interested in IT support, transformation projects or cyber security, start a conversation to discover how we can help your business succeed.
This field is for validation purposes and should be left unchanged.