Storm ID Blog

Storm is Now Cyber Essentials Plus Certified


As a digital agency, we work with sensitive client data every day, and with that responsibility, we need to ensure that we’re taking cybersecurity seriously. This is why we’re very happy to announce that we have just been Cyber Essentials Plus certified, taking another big step in reinforcing the safety and security of both our clients’ data and our own. We had already attained the basic Cyber Essentials certification in 2018, so this was our logical next step. But what is the Cyber Essentials certification, and why have we attained it?

What is Cyber Essentials?

Cyber Essentials is a cybersecurity certification program set up by the UK government in 2014 to encourage businesses of all sizes to establish a good cybersecurity foundation and reduce their vulnerability to the most common forms of attack.

These include:

Cyber Essentials is split into two certifications:

  1. Cyber Essentials

    This is the first certification and involves an organisation following a checklist of requirements to increase their security such as setting up a firewall and updating company computers. The requirements are foundational, meaning that they are relatively simple to complete and are designed to establish a baseline of cybersecurity, rather than be the only measures taken. In line with the foundational nature of the certificate, Cyber Essentials is a self-certification, meaning that once the requirements have been met, the company can send in a completed checklist to gain the certification.

  2. Cyber Essentials Plus

    This is the next step after acquiring the first Cyber Essentials certification. This level of certification verifies that you have actually fulfilled the requirements of the Cyber Essentials certification – i.e. checks that you have done what you say you’ve done. This involves a security auditor coming on-site to your business and testing if your implemented security controls are working as they’re supposed to. If they are, then you’ll be awarded the certification. If not, you’ll be given a report indicating where you still need to improve against the requirements.

Why Cyber Essentials?

There are two primary reasons to get the Cyber Essentials certifications: data protection (Data Protection Act 2018 and GDPR) and company reputation.

Data protection is something any organisation managing data, especially any data that doesn’t belong to them, must be aware of and act upon. With data breaches becoming more and more commonplace, and even huge companies falling victim, businesses need to take their information security and privacy controls seriously if they wish to avoid joining the list of breached companies. A breach can mean attackers acquiring valuable information related to your company or your customers and clients, which could then be leaked into the public domain, used for extortion and blackmail or sold to competitors.

GDPR is designed to enforce data protection, and companies who lose data containing personal information and are found not to have adequate defences in place can be fined. These fines can be substantial, up to €20 million or 4% of global annual revenue, so businesses must act to put safeguards in place.

A data breach is not only potentially costly from a financial perspective, but also from a reputational one. 64% of customers say that they are unlikely to do business with a company where financial or sensitive data was stolen, and 50% say the same about a company where non-sensitive information was stolen. For an e-commerce business, this can be disastrous to long term growth. If you are a B2B company, this can affect sales, stop negotiations and close doors to new business.

Provably strong security is also becoming a prerequisite for many organisations when entering into partnerships with other businesses such as agencies or sub-contractors. This is especially true of governments. Not having adequate security, or not being able to prove that you have taken the necessary steps, can end a potential new business deal before it’s even begun.

What we did to prepare

As a security-conscious company, Storm had already put into place a number of measures to increase our security such as:

These measures are an essential foundation for any company, but to pass Cyber Essentials we needed to introduce additional steps and tools:

How can you improve your security today?

Cybersecurity can be daunting to begin with and it can feel like there are just too many things to do. The Cyber Essentials checklist can make this more manageable; it is based on five technical control themes:

Cybersecurity has never been as important as it is now, and while it may seem difficult to get right, pursuing certifications like Cyber Essentials can help businesses of all sizes begin securing their data and their reputation against malicious actors.

For us at Storm, achieving Cyber Essentials Plus is a positive next step, but we already have our sights set on the next, more rigorous certification of ISO 27001. Attackers are only getting more sophisticated, and in our ever more connected world, we want to make sure that we’re not just ready for the threats of now, but the future too.

If you want to know more about how we keep our clients’ data secure or want to propose a new project to us, get in touch today and discover how Storm ID can help you.
