- 12th December 2019
- Posted by: Phil Aston
- Category: AEC, ransomware, Security
Barely a week goes by these days when we’re not hit by news of a big brand data breach.
Personal data is now currency for criminals. And that means we’re all at risk of being targeted by hackers.
For architectural and engineering firms, cyber resilience is vital both in terms of protecting your project work which can easily span years and also being seen by potential clients as taking the security of your data seriously. We’ve recently helped a few of our consulting engineering clients achieve Cyber Essentials accreditation for them to tender for public sector contracts.
Cyber Essentials is a government scheme that provides a great framework and helps businesses guard against the most common threats.
What does Cyber Essentials consist of?
Cyber Essentials focuses on five basic technical elements that we can all use to remain safe from data breaches.
- Secured internet connections: This has become increasingly important given the prevalence of publicly available WiFi hotspots.
- Secured devices and software: With remote working now commonplace, the security of devices and software while out on the road has never been more important.
- Access control for data and services: Whether you rely on cloud storage services for your files or cloud-based business apps, strict user control is a must.
- Virus and malware protection: An oldie but a goodie; anti-virus and anti-malware software should be used on every type of device (yes – even Macs!).
- Up-to-date devices and software: Manufacturers and software developers work hard to keep their stuff secure for users, and that means remaining up-to-date as users is vital.
We’ve only scratched the surface above, therefore we recommend a thorough read of the government’s excellent page dedicated to these cornerstone principles of Cyber Essentials.
What type of certification is available?
There are two types of certification available to businesses who want to take advantage of Cyber Essentials.
- Cyber Essentials. This is a self-assessment option that provides protection against the most common forms of cyber-attack. It’s a relatively easy certification process and contains just three steps, which can be found here.
- Cyber Essentials Plus. If you want to go the whole hog, Cyber Essentials Plus offers everything in the standard certification, along with an independent assessment of your security controls to ensure you’ve ticked all five technical boxes. You’ll also benefit from a vulnerability scan which looks for unsupported software, open ports and poor firewall configurations.
The benefits of Cyber Essentials certification can’t be understated.
The badge will offer your customers much-needed reassurance that you take cyber security seriously, and you’ll also gain a listing on a government-backed directory.
By making cyber security a cornerstone of your business, you may even gain a key differentiator from the competition. Imagine being able to tell potential new customers that you have government-backed cyber security measures in place.
How many of your competitors can do that?
Tendering for public sector contracts?
We’ve helped a number of clients achieve Cyber Essentials as they regularly tender for public contracts. If your business does then Cyber Essentials certification is a must.
As detailed by the British Assessment Bureau, any business that wants to submit a tender to local or central government will need to meet the new Minimum Cyber Security Standard.
Thankfully, in most cases, a valid Cyber Essentials security should be all you need to demonstrate compliance and ensure your tender effort doesn’t go to waste.
Securing the supply chain
With research suggesting that nearly 45% of businesses have no formal cyber strategy in place, it’s important for weak links to be identified and resolved.
The supply chain is often where those weak links can be found, which is why the government is targeting that area to ensure more companies prioritise cyber security.
Every business within a supply chain has a duty to evaluate IT security, and, when working together, it’s imperative every link within the chain is as secure as the last.
Need help obtaining Cyber Essentials certification?
The team at Compex IT has helped a number of our construction clients achieve Cyber Essentials certification.
With our help, those businesses have also:
- achieved greater compliance with the GDPR;
- demonstrated cyber security compliance to their clients; and
- proved to their supply chain that they take data security seriously.
Cyber Essentials delivers a competitive advantage and ultimate peace of mind. If you need help achieving compliance, just get in touch with our friendly team, today!