Prove your IT is secure; It's Cyber-Essential
Mark Lomas
Cloud Solutions Architect & Digital Workforce Empowerment Specialist | Volunteer | Tech enthusiast
Everything starts with a plan.
Your business, your financial future, your personal future. Whether it's in your work life or your social life, we all make plans, but in the world of business, we are of course a little more formal.
Let’s get the obvious stuff out of the way: if your business doesn't have an IT plan, then it doesn't have a business plan (or at least, not a very good one). With few exceptions, most people will use IT to 'run' their business in some form or other. You wouldn't put together a business plan and ignore how you're expecting to run the finances or manage your people, so why leave out IT?
And when you're working on that IT plan, you'll want to make a good IT security plan, and make it one of the core things that you do. After all, if you're running your business on IT, then a big chunk of your business assets will be digital in nature, and have a very definite value associated with them. If it’s worth something to you, then it’s worth something to criminals – protect yourself!
Here though, comes the problem. You're not an expert in IT, so how on earth are you going to write a cyber-security policy?
Well, one answer would be to get an outside party to do this all for you, but writing up a set of policies and procedures for your business is still going to take time, and money. Wouldn’t it be helpful if a lot of that groundwork was already done for you, preferably without the complexity of the highly detailed bureaucracy of 'big standards' like ISO27001?
Well, thankfully, SMBs have something much more attainable they can aim for: CyberEssentials. Developed and backed by government, CyberEssentials is a set of IT security standards appropriate for the smaller business. These are standards that you can put in place, test against, and attain without it costing the earth, and, crucially, without a big disruption to the way you operate.
Best of all, once done, you can proudly display the CyberEssentials badge, offering confidence to your partners and customers that they can trust you with their data, and that you've done some due diligence in making sure your IT is secure and safe. Knowing who to trust digitally is already important, and this will only grow over time.
You can expect the CyberEssentials badge to become increasingly important over the next 12-18 months. It’s going to be something you’ll want, and ultimately need to look for when finding and working with business partners. Even more important, when customers are making a decision on whether they’re going to work with you, if you haven’t got that badge, it might count against you.
We’ve seen this in larger business with ISO27001. Given the choice, who are you going to trust? Who’s going to trust you? How do you prove ‘trustworthiness’? When it comes to how seriously you take the security of data for customers and partners, showing that you’re proactive is vital.
In a dynamic small business, being able to move quickly is important (and a key advantage), and sometimes diverting resources to make a big IT security policy is hard. So take advantage of the groundwork that's already been done. Get CyberEssentials certified, protect yourself against cyber-crime, and put yourself in a position of trust.