Obtaining the Cyber Essentials mark
Sparked largely by the Covid-19 pandemic, Singapore’s digital economy has experienced rapid growth in the past 2-3 years, with organisations keen to remain operational and competitive despite the constraints posed by the global health crisis. Digitalisation presents huge opportunities in the form of increased productivity, heightened organisational agility and a higher standard of end product or service experience for consumers, however it also presents new risks. With a greater proportion of economic activity now conducted in the digital realm, criminals have taken note, and are conducting cyber-attacks on an unprecedented scale using increasingly sophisticated methods.
Cyber-attacks can have devastating consequences for organisations both reputationally, legally and financially, and with the annual global cost of cyber crime likely to rise to around $10.5 trillion by 2025, the problem is only likely to get worse. There is also an economic need to defend against cyber threats, as if business customers and individually consumers are wary of the risks posed by digitisation, they will be less likely to invest in the digital realm, leading to low growth or even stagnation in the sector.
Baseline cyber security measures all SMEs should implement…
Cyber Essentials is an accreditation scheme administered by the Cyber Security Agency of Singapore, which aims to give resource-constrained SMEs a sound foundational cybersecurity framework. Designed to safeguard confidence in the digital economy and enhance Singapore’s national cyber security posture, the scheme requires that businesses institute cyber security controls and technical measures in respect of 5 key categories:
Assets. Organisations seeking accreditation must ensure employees are well-versed in cyber security best practice, and have measures in place to protect all data, software and hardware organisation-wide.
Secure/protect. Organisations should have a range of technical instruments in place which offer protection against malware and enable access governance. They must also prove that systems and hardware are configured in the most secure way possible.
Update. This category requires organisations to demonstrate that devices and software are updated in line with manufacturer recommendations.
Backup. Organisations must demonstrate a secure and comprehensive backup strategy.
Respond. This category requires organisations to have systems and plans in place to identify and take action against cyber threats, as well as to recover in the event of a cyber attack.
What sort of organisations in the Cyber Essentials mark aimed at and what are the benefits of accreditation?
It’s important to be mindful of the limitations of Cyber Essentials. The scheme sets out measures that are viable and achievable for businesses with limited IT infrastructure and/or few or no employees with significant cybersecurity expertise. As a standalone accreditation it’s ideal for businesses with a low risk profile and those involved in the handling of less sensitive data types. Organisations with the resources to implement more advanced protection measures, particularly if operating within a more demanding risk environment, are recommended to aim for Cyber Trust mark accreditation instead.
The benefits of possessing the Cyber Essentials check mark include:
Renewed confidence in your business
Once accredited, your partners, clients, suppliers and associates alike will be reassured that their data is safe in the hands of your business. Stakeholders will also be satisfied that you have the appropriate systems in place to restore operations following a disruptive outage or cyber attack.
The cyber essentials mark is a badge of credibility: a sign of a forward thinking, proactive organisation keen to look after the interests of its clients. Just as a hotel features a star rating attesting to the quality of accommodation, your cyber essentials mark is an attestation of your commitment to cyber security best practice. This badge of credibility can be displayed proudly on your website and could be useful at attracting new customers.
It could prove a valuable learning opportunity
Setting the cyber essentials framework in place will allow you to familiarise yourself with your business’s IT systems, and could introduce you to new concepts in the field of data security. You’ll gain insight into you organisation’s current cyber security defence level, and gain confidence in your ability to apply the solutions that will improve it.
Protection and resilience in the face of common threats
The Cyber essentials framework aims to protect businesses from all but the most advanced cyber threats, with the ability to preclude roughly 80% of attacks. Provisions are also made for backup and recovery, aiding your business continuity should an attack slip through the net of your protection infrastructure.
In our next article we’ll outline the simple accreditation process, and discuss the considerations you should make when implementing the 5 control categories.
AsiaCloud - Your Trusted IT Partner
Using technology lets you focus on what you do best while getting more done. Many large "IT partners" make big promises and charge big fees for delivering them, but the actual service falls far short.
It is likely that you are paying too much for your technology, especially if it's old. You deserve a white glove service for what you are paying, and you may even be paying too much. We'll handle everything - warranties, renewals, unresponsive vendors - and keep your data protected from ransomware and hacking. Get in contact to find out more.