Every business handles personal data; however, few have the right controls and procedures in place to handle the data in a safe and secure environment that is compliant with the law.
The UK Government has created the Cyber Essentials scheme to guide companies in putting the right basic security controls in place to handle personal data, in a way that complies with current legislation.
Cyber Essentials is split into five categories:
- Boundary Firewalls and Internet Gateways
- Secure Configuration
- Access Control
- Malware Protection
- Patch Management
Contained in these five categories are 34 questions relating to various controls and procedures that are recommended to be in place in the “defined scope of the company”. These must be individually addressed. Following completion of this, an external scan is required. This is designed to identify vulnerabilities on the Internet-facing side of the business infrastructure.
Cyber Essentials provides a framework for companies to take the necessary steps to protect themselves from the known threats concerning the storage of personal data, such as malware, theft, and accidental or intentional tampering with, or corruption of, personal data.
Completion of Cyber Essentials will also demonstrate to the Information Commissioner's Office that security is taken seriously in the business. This can be done by displaying the Cyber Essentials certificate in the business’s office and on its website and email stationery.
Achieving Cyber Essentials Certification is a great foundation for other standards and certifications, such as ISO 27001 and PCI DSS. It will additionally help prepare companies for the impending EU and UK General Data Protection Regulation (GDPR), which comes into force on the 25th May 2018. On this date, all UK companies are required to comply.
For further information regarding Cyber Essentials, PCI and GDPR together with our other essential security products and services, please call one of our security experts on:
0345 450 9393.