
Cyber security's ticking time bomb

Derbyshire businesses urged to take action before it’s too late

A Derbyshire company working to help other firms with their computer security is warning of a “ticking time bomb” if they don’t take steps to shore up their cyber defences.

Cyber security issues have come to the fore in the light of the Equifax data breach of 2017 and, more recently, the Cambridge Analytica scandal involving Facebook.

Instant messaging service WhatsApp became another high-profile victim this week when it emerged that hackers in Israel had installed spyware on people’s smartphones.

But while it’s the global names that make the headlines, Belper firm CertiKit is warning that even small businesses are at risk of a cyber attack.

The High Street company was launched by IT consultant Ken Holmes in 2010 and writes “toolkits” containing documents which help organisations apply for certification in cyber security, as well as other areas such as business management.

Chief executive Mr Holmes said he had heard of examples of businesses of all sizes becoming the victims of hackers and warned of a “ticking time bomb” if firms ignored their cyber security.

One way to fight the hackers, he said, would be to apply for certification in Cyber Essentials, a Government scheme which tackles key areas such as using firewalls, strong passwords and antivirus programs.

He added:

“The Cyber Essentials scheme represents a base level of information security that every organisation should be implementing in order to protect themselves from the threats out there on the Internet.

“Certification sends a message to customers, suppliers, employees and other people involved in the organisation that cyber security matters, and that their sensitive information is being looked after.

“It’s also an excellent starting point for demonstrating compliance with data protection law, such as the GDPR and the Data Protection Act 2018. In today’s connected world, it’s a no-brainer.”

Being the victim of a cyber attack can cause myriad problems for small businesses. For instance, a nasty virus could cause them to lose vital data, disrupt cashflow and take up staff time.

An attack could prevent them from trading and land them in hot water legally. Loss of personal data could breach British and European laws, leading to prosecution and plenty of bad publicity.

Cyber Essentials was launched in 2014 and, while it may not be a legal requirement, it is proving popular with organisations serious about their cyber security.

As well as peace of mind, certification shows firms’ customers that they take cyber security seriously and are taking steps to keep the data they hold safe.

It also allows them to bid for lucrative contracts with the Government. Those without certification are excluded from making bids.

Despite already being certified to the ISO27001 standard – an international accolade governing cyber security in far greater depth – CertiKit obtained its Cyber Essentials certificate last year.

Mr Holmes said:

“Cyber Essentials gives us reassurance that we’ve covered the basics of information security, and has encouraged us to look in more detail at how we set up our computers, who needs access to which systems, and how our firewall router can be used to protect us.

“We’ve been certified to the ISO27001 standard for some time, but we found that the addition of Cyber Essentials supplemented that certification very effectively.

“We also encourage all of our suppliers to join the scheme so that we know our supply chain is secure.”

In recent months, there has been a push for small businesses, chartered accountants, lawyers, higher education institutes and local government to become Cyber Essentials certified.

The process involves an organisation selecting a certification body and then verifying that their IT is secure and meets the required standard.

Cyber Essentials certification costs as little as £300, and CertiKit sells a toolkit costing £199 to help with the application process.

Included are policies on everything from firewalls and mobile devices to passwords and cloud computing, along with forms, posters and a gap assessment spreadsheet.

The final stage is to complete a questionnaire and, providing all is well, the firm receives Cyber Essentials certification. It is recommended to renew annually.

For more information on Cyber Essentials, read our blog posts at certikit.com/blog

