The Cyber Essentials Scheme (CES) - http://www.cyberessentials.org is relevant to every business. Even small ones like ours.
What it does right:
- it makes you think about security and what you should consider doing to protect your business
- it includes useful, practical tests (Cyber Essentials Plus). Whilst some may argue these aren’t as complete as other tests they are a very good place to start and are very valuable
- it addresses some of the main problems your business faces; it provides a baseline threat assessment for you (i.e. CES has already worked out what the top threats to your business are likely to be), and then it includes test to see how your defences line up to mitigate them.
- it recognises the end user device and it’s role in the security of your business
- it let’s you know what you can do to provide good cyber hygiene and informs you (you will learn from it)
Our advice for those business owners of UK companies of all sizes is this:
You may be daunted by the tests or the process. Start by downloading the questionnaire . Hand it to the person in charge of your IT/IS, or read it yourself and fill it in using your knowledge or your IT. You will feel better informed. You can then start to think about how you would fair in an ‘Essentials Plus’ assessment. Identify cost effective ways to make improvements. Create a ‘get well plan’. Identify people and skills and roles - do you have the people and skills to make things better? View it as an IT Security MOT. Some bits you can fix yourself, some you will need expert help with. But if you don’t do anything it’s like driving without an MOT: your business may not be roadworthy or safe in cyber space.