Cyber attacks are an all-too-real reality for UK businesses, yet cybersecurity is still not taken as seriously as it should be. The Cyber Security Breaches Survey 2019 highlights this fact, with a third of businesses having experienced a cybersecurity breach in the last 12 months. Attacks include phishing attacks, malware, spyware, and viruses, costing the average business £4180.
In response to this, a petition has been launched to persuade the government to enforce a minimum level of cybersecurity protection for medium and large-sized businesses. Backed by cybersecurity and IT professionals, the petition, titled "Make the NCSC’s Cyber Essentials scheme mandatory for all UK businesses with 50+ staff", is starting to gain attention.
At the moment, the National Cyber Security Centre’s Cyber Essentials scheme is optional. The petition aims to get the government to make this scheme compulsory for organisations. Doing so will ensure that organisations can protect themselves if a cyber attack occurs. It will also reduce the costs associated with cybercrime and better protect the public.
The petition is asking the government to make it a legal requirement for:
The petition is also asking for government assistance to help businesses achieve compliance. This assistance could be funding or exemption for businesses that would find it difficult to cover the certification costs.
Cyber Essentials is a government-backed scheme that launched on the 5th of June 2014. The scheme was created to help organisations protect themselves from common cyber attacks. The Cyber Essentials scheme allows businesses to demonstrate their commitment to cybersecurity. Cyber Essentials certification allows businesses to reassure customers, attract new business, and have a clear picture of their cybersecurity level.
Through the Cyber Essentials scheme, your business will achieve five key security goals:
1. Keep your software and devices up to date: Your business will keep its computers and smartphones up to date, including their apps and operating systems. Updates, also known as patches, include fixes to security vulnerabilities. This makes patching one of the most important security actions your business can take.
2. Secure your software and devices: Your business will make changes to software and devices to raise their security above the default settings. Devices and online accounts should be password protected and default admin passwords should be changed. Banking and IT administration accounts should use two-factor authentication (2FA).
3. Secure your internet connection: Your business will secure its internet connection with a firewall. A firewall creates a secure doorway between your computers and the internet. This secure doorway checks incoming traffic from the internet, to ascertain if it should be allowed in. To gain Cyber Essentials certification, the firewall must be configured to protect all devices, and particularly those that connect to public or untrusted Wi-Fi networks.
4. Protect from malware and viruses: Your business will protect itself from viruses and malicious software, such as ransomware. Computers must have anti-malware software and smartphones should be password protected. Whitelisting and sandboxing are two options that will strengthen your business’s security.
5. Control access to your services and data: Your business will protect itself from stolen or misused staff accounts by giving staff just enough access to settings, online services, and software to complete their role. Administration privileges should only be given to those who need them.