Organisations certified by TÜV SÜD can promote that their IT systems comply with a Government-endorsed standard, demonstrating that they are protecting their own and their customers’ data by having a robust and secure IT environment.
Cyber Essentials is now mandatory for suppliers of Government contracts, which involve handling personal information, and providing ICT products and services. It will also enable organisations to prove they have taken the appropriate risk mitigation steps to comply with the new General Data Protection Regulation (GDPR). Organisations in non-compliance with the GDPR after 25th May 2018 could face heavy fines of up to four per cent of annual global turnover in the event of a data breach.
Ewan Fisher, Shared Services Centre Performance & Operations Manager at TÜV SÜD United Kingdom, said: “Cyber criminals target every size of organisation, both large and small. Cyber Essentials helps them to combat cyber attacks, the majority of which exploit basic IT system vulnerabilities. By making it easier for organisations to protect themselves, they are less likely to suffer data loss, which could have a significant impact in terms of lost revenue or reputation, as well as result in fines or prosecution.
“As a globally recognised provider of independent testing, inspection and certification, TÜV SÜD is the perfect Certified Body partner for an organisation that wishes to become Cyber Essentials certified so it can proactively demonstrate its commitment to IT security and the protection of customer data,” concluded Fisher.
Just under half (46%) of all UK businesses identified at least one cyber security breach or attack in the last twelve months. This rises to two-thirds among medium firms (66%) and larger firms (68%)*.
The Cyber Essentials standard covers five key areas:
Secure configuration – security measures that are implemented when building and installing computers and network devices in order to reduce unnecessary cyber vulnerabilities.
Boundary firewalls and internet gateways – provide a basic level of protection where a user connects to the Internet.
Access control and administrative privilege management – protects user accounts and helps to prevent misuse of privileged accounts.
Patch management – ensures that software on computers and network devices is up to date and capable of resisting low-level cyber attacks.
Malware protection – protects against a broad range of malware (including computer viruses, worms, spyware, botnets and ransomware).
* Source: Cyber Security Breaches Survey 2017