At ABL Business we recently became Cyber Essentials certified – which means our online and in-house systems for storing and processing data have been verified as secure by a team of independent experts.
But is that really necessary? You trust your own team to do a thorough job and you may feel confident you’ve got everything covered.
The fact is that threats are getting more prevalent every day, and for each security measure put in place, fraudsters and hackers are evolving the way they operate, learning new tricks to attack businesses and steal valuable information.
Cyber attacks come in many shapes and sizes, from phishing scams via email to connecting to an insecure network. Some can be hard to spot, some very easy, but once your systems become vulnerable you can be susceptible to more serious attacks.
Cyber Essentials is a simple, but effective, Government-backed scheme which enables you to demonstrate your commitment to cyber security to your customers and potential customers.
It ensures that all customer and employee data that you hold is protected against a whole range of the most common cyber attacks and that you are implementing effective processes to limit human error. It also demonstrates that your company is compliant with GDPR (General Data Protection Regulation).
So how does it work?
To qualify for the Cyber Essentials certification we had to test our systems against five security controls, then pass the results to a qualified assessor who verified the information provided.
At ABL we went through a number of processes to ensure we would make the grade.
- We reviewed and updated all our policies, including those for data protection, cyber protection and all associated activities, to ensure that personal data is held and processed appropriately and safely.
- We classify all our data and restrict access based on that classification, always ensuring that we have full consent to use that data, whether online or for business purposes.
- We upgraded our internal security and that of our assets, such as laptops, mobile phones and routers, to ensure that all data held is secure and fully protected.
- We updated protocols to deal with any potential data breaches, ensuring that all internal systems work with us to process data smoothly and in a controlled manner.
- We will be launching our new website to reflect the GDPR changes and our Cyber Essentials certification.
From May 25, all businesses have to be GDPR compliant, facing a risk of financial penalties for any breach.
We feel the new regulation should be used as a positive opportunity for businesses to review and refresh their systems, to ensure they are providing the most up-to-date and efficient services to their customers.
Joint Managing Director of ABL Business, Alex Beardsley, says: “As a commercial finance broker, handling sensitive financial information, the safety of our data and that of our clients is always paramount. But surely the same should go for any organisation, whatever its nature or size?
“By obtaining the Cyber Essentials certification we can show that we are fully committed to the protection of our clients’ and visitors’ data, from everyone who receives our newsletter to those who use our financial brokerage services, as well as the partners and funders we work with to provide our services”.
Another good reason for many companies to get on board is that, since October 2014, Cyber Essentials certification has become a minimum requirement if you want to bid for certain government contracts.
The process itself will continue to ensure that we keep our systems fresh and up to speed with current standards, as participants are encouraged to recertify at least once a year and, where appropriate, progress their security.
Having found it to be such a valuable and informative experience, we now intend to work towards the next level – Cyber Essentials PLUS. To achieve this even higher level of assurance, our systems will be tested by a qualified, independent assessor who examines the same five controls, checking that they work in practice by simulating basic hacking and phishing attacks.
For further information about Cyber Essentials please visit