Minerva achieved Cyber Essentials accreditation in January this year, after months of hard work, and what felt like a million new tracking documents, policies and training sessions. But what does Cyber Essentials actually mean for us and our customers?
In the digital age, where every aspect of our business operations uses technology, safeguarding our digital assets is crucial. Cybersecurity threats loom large, with cybercriminals constantly coming up with new methods to exploit vulnerabilities and compromise sensitive data. It seems like not a week goes past without another news story about a company’s security being
breached and sensitive data being accessed.
For small businesses who want to take their cyber security seriously, Cyber Essentials is the best route to ensure that not only our data is protected, but that we don’t pose a risk to our customers either.
What is Cyber Essentials?
In a nutshell, Cyber Essentials is a government-backed cybersecurity certification programme designed to help businesses of all sizes improve their digital security against common cyber threats. It provides a framework of fundamental security measures that, when implemented effectively, significantly reduce the risk of cyberattacks. Accreditation is renewed annually,
ensuring that companies must continue to maintain their high standards of security.
What does a Cyber Essentials Accreditation ensure?
- Mitigating Risks:
Small businesses in particular are often perceived as low-hanging fruit by cybercriminals due to their potentially limited resources and less sophisticated security measures. Cyber Essentials offers a structured approach to ensure we identify and mitigate common cybersecurity risks. By safeguarding our systems and data, we also protect our customers from falling victim to cyber threats such as data breaches and identity theft. - Enhancing Trust and Credibility:
By obtaining Cyber Essentials certification, Minerva can demonstrate our commitment to safeguarding customer data and upholding high cybersecurity standards. Hopefully our customers feel reassured knowing that any sensitive information we hold is in safe hands. - Regulatory Compliance:
With the implementation of stringent data protection regulations such as GDPR (General Data Protection Regulation) and the Data Protection Act, businesses in the UK must ensure that they adhere to regulatory requirements concerning data security and privacy. Cyber Essentials aligns with these regulatory frameworks, providing us with a roadmap to compliance, protecting
customer privacy and complying with UK data protection laws. - Strengthening Business Continuity:
A cyberattack can wreak havoc on small businesses, disrupting operations, damaging reputation, and incurring substantial financial losses. Cyber Essentials equips us with robust cybersecurity practices that not only mitigate the risk of cyber incidents but sets us up to ensure a swift recovery in the event of an attack. By minimising the impact of potential disruptions, we can ensure uninterrupted service delivery and customer satisfaction. - Cost-Effective Security:
Contrary to the misconception that robust cybersecurity measures come with exorbitant costs, Cyber Essentials is a cost-effective solution tailored to the specific needs and capabilities of small businesses in the UK. By focusing on essential security controls and best practices, Cyber Essentials enables small businesses to maximise their cybersecurity investments, achieving
robust protection without breaking the bank!
What has changed at Minerva as a result of Cyber Essentials?
We have tightened our processes and implemented a number of new IT security policies across the company. This includes:
- training staff to recognize security threats or breaches and report them swiftly and appropriately
- ensuring all devices are securely configured
- using a password manager to ensure that all passwords that staff use online meet minimum security standards
- enabling multi factor authentication on every system possible
- reviewing every 3rd party system we use to analyse their security strength and mitigating risks where those systems are not deemed sufficiently secure
- implementing annual device audits of all staff mobile phones and laptops to ensure that they are being used in line with our new policies
What will our customers see that is different?
Hopefully very little! Our changes have been internal and should not impact our customers at all.
However we are currently reviewing how we share files with a view to making this a more secure process, so there may be a small change coming over the next few months.
We are really proud of having achieved certification, and hope that it will give our customers the reassurance that Cyber Security (our own and our customers’) is something that is now at the heart of what we do.
You can find out more about Cyber Essentials on the National Cyber Security Centre website.
