Get more than basic cyber-security protection
Here’s what to do after getting Cyber Essentials certification for your business
August 25th, 2018
Work towards achieving Cyber Essentials Plus and put in place these 7 security measures.
Want more than basic cyber-security protection for your business? If you already have our 9 Steps to combatting cyber-threats in place and you’re Cyber Essentials certified, you’ve made a good start. But if this is all you have, then for proper security there are still a few more steps you can take to safeguard your business. Cyber-crime is a £1 trillion industry for cyber-criminals.
After getting the basic accreditation, you can work towards achieving Cyber Essentials Plus. The experience is similar to achieving the basic Cyber Essentials accreditation. The difference is that it deals with security at a higher level and demands more rigorous policies and practices to be in place.
How else can you secure your business?
Cyber Essentials covers a broad range of security topics, so it will likely cover most of your basic security needs. But we also have a brief list of some security systems and techniques which are worth looking into. Or, if you’re looking to get the best level of cyber-security, we recommend our CISO service.
ISO 27001 is an internationally recognised certification you can get which proves your cyber-security is at a high level. It can be used as a compelling point for people to choose your business over competitors.
Employees are often considered to be the weakest link in the cyber-security chain. But with regular training, they can become one of the strongest as they are able to spot and prevent threats.
Because of the rising cost of an outage, getting systems back online quickly is vital to stop money burning away minute by minute. The rise of virtualisation and the cloud has made disaster recovery and business continuity a much simpler and more cost-effective venture than before. It’s worth considering.
With connectivity being so critical to a firm, it’s essential to have backup network and Internet connections to prevent a failed connection from leaving the firm isolated from clients and the wider world. Multiple firewalls and/or routers are also recommended.
SECURING THE LAN
The LAN has previously been left relatively unprotected but it’s now imperative that you secure the internal network to restrict access from undesirable third parties. You also need to secure any wireless or virtual networks to stop a single breach from creating an open door across the entire firm.
MOBILE DEVICE MANAGEMENT (MDM)
Bring Your Own Device (BYOD) is a popular policy, but it’s also dangerous without the correct measures in place. Procedures need to be set up for when a device is lost or stolen or when an employee leaves the company. Don’t adopt BYOD for the sake of it; do it for an important reason. And if employees do need personal devices, look into Choose Your Own Device (CYOD) as a more secure alternative.
DATA LEAK PROTECTION
In order to implement an effective data leak protection policy, you need to really understand what data you have and the risks you face. Only then can you really begin to implement the correct controls. These will vary from sector to sector but should include things like portable encryption, endpoint protection, email content control and intelligent firewalls.
In short, put in place more than basic cyber-security to stay ahead of the game. Stop those cyber-criminals in their tracks with a good level of protection for your business.
Any questions about either of the Cyber Essentials accreditations? Read our FAQ on the subject.
Get more advice on achieving the best levels of cyber-security – contact our team today.