86% of business owners believe digital risk will continue to grow
This is just one of the latest set of statistics to come across my desk. Whether it is true or not people believe they are at risk and often feel helpless to do anything about it. Many businesses believe they could be breached, but not many know what they can do – they lack the skills, they lack the technology and resources.
“43% of businesses in the UK have experienced a cybersecurity breach or attack according to Government Official Statistics”
Like Covid-19, new variants of malware are found every day. Some 18,000 vulnerabilities each year. Cybersecurity problems seem to be getting worse. The more your business relies on technology, the more the impact could be to ransomware or hack.
Standards to the rescue
NCSC, NIST and others are evolving simplified security frameworks to help improve cyber defences. Yes, you can implement ISO27001 (or 27001 questions as it was once put to me), but it can be expensive and time consuming to acheive. Cyber Essentials or the audited Cyber Essentials Plus offer a more simple route to accreditation and indeed better cyber defences.
CyberEssentials
Cyber Essentials consist of multiple controls, boiled down into the followng areas:
- Use a firewall to secure your internet connection (tracking rule changes & helping prevent bypass)
- Choose the most secure settings for your devices and software (helping ensure secure configurations are in place)
- Control who has access to your data and services (helping deliver NAC)
- Protect yourself from viruses and other malware (helping ensure antivirus controls are wher you need them)
- Keep your devices and software up to date ((helping reduce any vulnerabilities)
Afterthought
Cyber accreditations do not in themselves deliver security without the relevant monitoring in place. If vlnerability scans are only performed annually at accreditation review time, you could be compliant with the standards, but still be infected by ransomware or have a data breach.
Rebasoft can help ensure your cyber essentials controls are effective – 24/7