In the latest instalment of our Spotlight series, we talk to SafeWatch managing director Steven Gordon about the Government-backed Cyber Essentials scheme.
Q: Hi Steve, let’s begin by talking a bit about your company. What can you tell us about SafeWatch Online Ltd?
We’re based in Oxfordshire and we utilise frameworks like Cyber Essentials and IASME Gold to help businesses assess their current situation in relation to information security, legislative compliance and governance. We combine the best security products along with business intelligence tools to give a suite of tools that educate, analyse and help businesses manage their IT security.
We’re part of Blue Planet IT which I founded in 2010, bringing together a collection of skilled and talented individuals from the world of IT. Some of the companies that our staff come from are names like HP, The Financial Times Group, Zenos and Fired Earth, to name a few. Our staff have held senior posts within these companies, responsible for design, implementation and support of 1000s of users.
Q: SafeWatch joined our Centre last year as a Trusted Partner, which means you’re available to help our members complete the Cyber Essentials programme. What is Cyber Essentials and why do businesses need it?
Cyber Essentials is a simple, Government-backed scheme that will help protect businesses, whatever their size, against a whole range of the most common cyber attacks. The scheme is administered by the National Cyber Security Centre and its delivery partner IASME.
As well as guarding against the most common cyber threats, it also demonstrates your commitment to cyber security which can often become a requirement when tendering for work in both public and private sectors.
Q: What does it involve?
IASME will send the business a list of questions that form part of a self-assessment. We’re on hand to help businesses put measures in place that will help them pass the self-assessment. Once they’ve passed it, they are issued a Cyber Essentials certificate which is valid for one year.
Q: How much does it cost for a basic level Cyber Essentials assessment?
It costs £300+VAT for each assessment, so it’s very affordable. As soon as you have paid, IASME will send you login details for your online assessment portal. You then have six months to complete the assessment before the account is archived.
Q: What kind of changes do businesses typically need to make to gain the Cyber Essentials certificate?
We’re talking about changing default passwords, making sure you’ve got a firewall protecting your environment, making sure you’ve got antivirus software, ensuring you’re updating your devices and that only people you want to have access to those devices have access. It’s all relatively easy stuff to implement.
Q: What is Cyber Essentials Plus?
Cyber Essentials Plus involves a technical audit of the systems that are in-scope for Cyber Essentials. This includes a representative set of user devices, all internet gateways and all servers with services accessible to unauthenticated internet users. The assessor will test a suitable random sample of these systems (typically around 10 per cent) and then make a decision whether further testing is required.
The Cyber Essentials question set is part of the Cyber Essentials Plus certification process. If you have achieved the basic level Cyber Essentials certification less than three months before certifying to Cyber Essentials Plus, you will not need to repeat the self-assessment questions stage.
Q: What would you say to business owners who are reluctant to incur the cost of Cyber Essentials, given the current economic climate?
If Cyber Essentials protects you from 80% of known cyber attacks – malware and things out there that are likely to trip you up – then, as a director of a company, you’d be found wanting if you’d decided not to do it.
Research suggests SMEs are being successfully hacked every 19 seconds in the UK. That’s a very scary statistic so it’s certainly worth investing in Cyber Essentials. We recently worked with a business that lost their main client after being hit by a ransomware attack. We also know charities that have suffered – and they wouldn’t have if they’d had Cyber Essentials in place.
Q: The Government wants to rapidly increase uptake of the Cyber Essentials scheme. How easy is it to persuade businesses to invest in schemes that will improve their cyber security?
Awareness of it is key. We talk to customers about Cyber Essentials and the reception has always been positive. It is an excellent investment - £300 is a lot cheaper than the consequences of being hit by a data breach such as a ransomware attack. Businesses have literally been wiped out.
SafeWatch Online are part of our Trusted Partners network. Trusted Partners are official providers of Cyber Essentials and Cyber Essentials Plus Certification. To find out more about SafeWatch Online, visit their website here.