The Importance of Cyber Essentials

What is Cyber Essentials

Cyber Essentials is an effective, Government-backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks. Certification gives you peace of mind that your defences will protect against the vast majority of common cyber attacks, simply because these attacks look for targets which do not have the Cyber Essentials technical controls in place.



Why Should You Get Cyber Essentials Certification

  • Reassure customers that you are working to secure your IT against cyber attack.
  • Attract new business with the promise you have cyber security measures in place.
  • You have a clear picture of your organisation's cyber security level.
  • Some Government contracts require Cyber Essentials certification.

How Can T1S Help You

First of all, we are certified, so we know the process. Second, we know Cyber Security and how it's being used by both small and large companies. We can help you prepare for certification assessment with products, services and process documentation. This can be in the form of products and services or advice and help in working towards Cyber Essentials certification, which can give your customers confidence that their data is safe with you.

UK GDPR Explained

What is UK GDPR

When the UK was part of the EU we had to adhere to the GDPR (General Data Protection Regulation). When we left the EU we adopted the EU GDPR into our laws as UK GDPR. UK GDPR is a set of controls or security principles on how personal data is handled and processed. The aim is to ensure that companies of any size protect personal data and that only the correct people use this data in the right way.



Technical Summary of UK GDPR (Security)  

  • A key principle of the UK GDPR is that you process personal data securely by means of ‘appropriate technical and organisational measures’ – this is the ‘security principle’.
  • Doing this requires you to consider things like risk analysis, organisational policies, and physical and technical measures.
  • You also have to take into account additional requirements about the security of your processing – and these also apply to data processors.
  • You can consider the state of the art and costs of implementation when deciding what measures to take – but they must be appropriate both to your circumstances and the risk your processing poses.
  • Where appropriate, you should look to use measures such as pseudonymisation and encryption.
  • Your measures must ensure the ‘confidentiality, integrity and availability’ of your systems and services and the personal data you process within them.
  • The measures must also enable you to restore access and availability to personal data in a timely manner in the event of a physical or technical incident.
  • You also need to ensure that you have appropriate processes in place to test the effectiveness of your measures, and undertake any required improvements.

What This Means For You

  • Understand the risks from how you process and store user/customer data.
  • When deciding what measures to put in place, keep the investment proportional to your company income
  • Document the type of information you are trying to protect and how you are protecting it (Security Policy)
  • Where possible, put additional policies in place to reinforce your Security Policy
  • Review your policies regularly and improve them as your business changes
  • Put in place technical controls as specified in frameworks such as Cyber Essentials
  • Understand the requirements of confidentiality, integrity and availability for the information you process
  • Make sure data can be restored in the event of any incidents by establishing a backup process
  • Regularly test the technical controls in place and highlight any areas for improvement
  • Ensure that any third parties also implement appropriate technical controls


How Can T1S Help You

We can help you to understand where your risks are and how best to invest in Cyber Security.  This can be in the form of products and services or advice and help in working towards Cyber Essentials certification which can give your customers confidence that their data is safe with you.