How to protect your organisation against cyber attacks
Cyber attacks are a real and growing risk to your business. The security of your business information is vital, so now’s the time to take steps to protect yourself, as no organisation, however large or small, is immune.
To assist SMEs in Scotland protect themselves from cyber attacks, the Scottish Government launched the Cyber Essentials voucher certification scheme which is administered by Scottish Enterprise.
Cyber Essentials aims to help organisations implement basic levels of protection against cyber attack, demonstrating to their customers that they take cyber security seriously. The scheme is available at two levels:
- Cyber Essentials – an independently verified self assessment. Organisations assess themselves against five basic security controls and a qualified assessor verifies the information provided.
- Cyber Essentials PLUS – a higher level of assurance. A qualified and independent assessor examines the same five controls, testing that they work in practice by simulating basic hacking and phishing attacks.
Five basic controls
The five basic controls within Cyber Essentials were chosen because, when properly implemented, they will help to protect against unskilled internet-based attackers using commodity capabilities – which are freely available on the internet. These five technical control themes are:
- Secure your internet connection (firewalls)
- Secure your devices and software (secure configuration)
- Control access to your data and services (user access control)
- Protect from viruses and other malware (malware protection)
- Keep your devices and software up to date (patch management)
Since 1 October 2014, Cyber Essentials became a minimum requirement for bidding for some government contracts.
The Cyber Essentials Voucher will give you an opportunity to choose a supplier who will work with you to gain certification and guide you through the process every step of the way. Funding is currently available of up to £1,000 if you meet the following criteria:
- Be an SME (an enterprise which employs fewer than 250 persons)
- Have a physical base in Scotland
- Be able to provide an SC(Scottish) Company Registration Number
- Be connected to the internet / have an IT system infrastructure
- Be trading (i.e. company status is not dissolved, in liquidation, dormant, etc)
Cyber Essentials voucher application
We would advise that you follow this link to read the information provided by Scottish Enterprise. At the bottom of the page you’ll see a section where you can register your interest for further details about the Cyber Essentials Voucher Scheme and an application form.
Please note the voucher only pays out once the project is complete. You’ll need to produce the following evidence in support of your claim for payment request:
- Cyber Essentials certificate issued by the certifier
- Copy of the supplier’s invoice
- Proof of payment to your supplier
- Project completion report
- Completed feedback sheet
Cyber Essentials cost
If you are under a monthly user support contract with Lugo, enhancements needed to comply with Cyber Essentials, such as changes to user settings and applying Office365 policies, for example, will be included under your current monthly contract at no additional cost.
Any supplementary work, such as time to help you complete the forms, general Cyber Essentials advice, will be charged at £70 per hour + VAT. For most of our existing customers, we would envisage the £1,000 voucher would cover the entire cost of your Cyber Essentials certification.
If you’re not an existing Lugo customer, we’d love to have the opportunity to work with you to support you through your Cyber Essentials Accreditation. Please get in touch and we’ll be able to provide advice on your next steps.
Lugo are here as your ICAS Partner to support you through your Cyber Essentials certification. Please email Liz if you have any questions, or to advise Lugo that you have applied for the voucher.
We would be delighted to hear that you are taking up this offer to make your business more resilient. We look forward to working with you. Please do not hesitate to contact us should you require clarification on any aspect of Cyber Essentials.
About the author
After studying accounting at university, then working in practice for three years, Liz made the transition to follow her passion for IT as the Sage consultant for Scotland for 12 years. Since joining Lugo in 2014, the business has enjoyed healthy growth, providing reliable IT support to accountancy firms across the country.
This blog is one of a series of articles from our commercial partners.
The views expressed are those of the author and not necessarily those of ICAS.