Sign up to the Decent Group newsletter.
Get monthly insights about how software can improve your business performance.
Subscribe nowOne morning you come into work, open up the office and all the screens are blank. Nothing works. There’s a message telling you that if you want your system and files back you need to send £12k of Bitcoin to a stranger. What do you do? It’s painful but it’s affordable. So you arrange the payment, your systems come back online and you hope it doesn’t happen again.
This happens every day to businesses across the UK. Small and medium-sized businesses are key targets, because they don’t always look after the cybersecurity basics. But honestly, the basics are easy to cover.
Cyber Essentials is a UK government scheme created by the National Cyber Security Centre. It just covers the basics, but the basics will keep you safe from the most common cyber attacks.
Cyber Essentials is designed around the most common cybersecurity threats that come through the internet. It focuses on five key technical controls – firewalls, secure configuration, security updates, user access control, and malware protection. You get free support from a cyber security advisor and there are two routes – Cyber Essentials, a mix of self-assessment and independent audit, and Cyber Essentials Plus, which has more rigorous independent testing. We’re Cyber Essentials Plus certified.
Cyber Essentials ensures that you’re doing the obvious stuff. Things like complex passwords, 2 factor authentication, making sure your antivirus software is regularly updated with the latest security updates. It’s simply good practice, but it’s easy not to get round to setting it all up.
Cyber Essentials gives you the push to get the basics in place, along with the support and advice you might need to get it done. Your certificate lasts for a year, so you’ll be regularly reminded to ensure it’s all done.
For most businesses, it’s a relatively easy process to get the five controls in place. For a business like Decent Group, it’s a little more challenging. We run numerous different servers for our clients, with many different software packages, all of which need to be kept updated with the security updates, and protected by credentials that need to be made available safely across our team.
But getting Cyber Essentials in place means peace of mind – and it could mean you win a contract that you might otherwise have lost. Many businesses only work with Cyber Essentials accredited partners. So we recommend it to every business.
Although Cyber Essentials will teach you the principles, you have to live by them. But if you do – if you genuinely follow the guidance – you’re far less likely to be hit by the ransom note.