Cyber security has become more of a talking point for small businesses than ever before this year, but there are still barriers for those who want to start or increase the cyber security in their organisation. From finance to knowledge gaps, there are ways around these barriers for businesses of all sizes and capabilities. In the latest in our thought leadership series, we hear from IASME about the small steps businesses and individuals can take to start their cyber security journey: In the history of business, through necessity and natural development, people have had to take notice of separate but related issues that affect their work, e.g. law, insurance, accounting, marketing, and health and safety. Now there is cyber security, a comparatively new kid on the block, it is facing some difficulties settling in.
More businesses than ever operate online, and the global pandemic has forced people to work at home on their personal computers and phones. This has meant an increase in the very significant threat of cybercrime which affects almost every modern business. The threat could mean anything from client data theft and breach of Data Protection legislation, the locking up of computer systems through ransomware or a sensitive information leak that damages your reputation. The disruption and cost could, in the worse-case scenario, mean going out of business.
It is a lot to take in, especially as most small businesses have usually got all their resources tied up running the business rather than focused on IT and cyber security. Most people understand cyber security to be part and parcel of technology, and if your business is not associated with IT and you are not a person that understands technology, this could be something that you worry about.
The barrier to understanding things associated with technology for non-tech people can be significant, and this common block is something that needs to be understood if we want people to start on their essential journey into cyber security.
Let's take stock. The National Cyber Security Centre only opened in 2016, and this was in order to work towards making the UK the safest place to live and work online. Since the start of this year, a series of 10 Cyber Resilience Centres, closely associated with the police, have started opening up throughout England and Wales. Finally, IASME became the National Cyber Security Centre's (NCSC) Cyber Essentials partner in April 2020 with a network of more than 240 Certification Bodies across the UK.
All these organisations have a role in providing both information and support for individuals and small businesses to start their journey in learning about cyber security and building their knowledge. The hope is that eventually small businesses will have the awareness and confidence to align with a Government approved scheme like Cyber Essentials.
Cyber security is a huge cultural shift and it will take time. If you are starting at zero, then of course it will feel difficult. The important thing is to find a source of information that you can understand and start with something you can do. Then, as long as you are moving forward, you are learning and evolving your business in the right direction.
Until recently, much of the cyber security information guidance started at too high a level for those with no IT background. Small businesses have asked for a tool that can help them review their current level of protection so they can obtain targeted advice on next steps. They would like the directions to be available as 'beginner' level guidance.
IASME to develop a pre-Cyber Essentials review to guide companies at a beginner level. Cyber Essentials is the Government-backed scheme that aims to help organisations to implement five simple controls or procedures to protect themselves against the most common cyber attacks. IASME is the UK Government's Cyber Essentials Partner and trusted supporter of BRIM. Founded on the principle that basic cyber security is an essential requirement for the supply chains of all organisations, IASME is committed to helping small and medium sized businesses improve their cyber security.
Despite Cyber Essentials being a basic level scheme, it does demand a degree of knowledge and understanding of technical security that can be challenging for the novice. For this reason, many organisations find it difficult to meet the 5 basic controls for Cyber Essentials without additional guidance in order to put these in place.
To address this need, IASME is developing a pre-Cyber Essentials review, which will be accessible in the form of a free of charge, multiple choice set of questions on the IASME website. The process of working through the questions will inform a business owner about their own level of understanding and what aspects they need to focus on. They will be directed towards the appropriate guidance based on their answers to the questions. Upon completion, the business owner will understand their level of preparedness for undertaking Cyber Essentials and will be presented with a checklist and a description of what additional requirements or steps there are still to achieve.
Although accomplishing Cyber Essentials is the end goal, it may be that there are many steps along the way that need to come first. Small spoonfuls of information about cyber security will be available, allowing someone who describes themselves as ‘non tech’ to learn at their own pace. That might mean learning about making a strong password or enabling two-factor authentication, then later on down the road learning how to install anti-malware software and turn on their firewall.
Working from home has raised some urgent security questions for businesses. How secure is your home network and your personal computer, and who else is using it? At the very least, every person who uses your computer or tablet should have their own account and you should know that the default password on your home router has been changed. Guidance to these and other issues are now readily available and worth learning about.
Even if you have got some strong basics in place and feel fairly confident that you have taken adequate steps to protect your small business, cyber criminals will try and find their way into your system by using the weakest link in the chain. This could be via a contractor or a less secure business within your supply chain.
If you are unsure about where you lie on the cyber security journey and could use some guidance about the basics, look out for the pre-Cyber Essentials review which will be available on the IASME website later this autumn.