Gravitate HR recently successfully underwent the process to become Cyber-Essentials certified.
We are proud of this achievement with the associated benefits it brings to our business and the clients we support, so I thought I’d share some awareness of what the initiative is!
What is it?
The Cyber Essentials scheme is a UK Government initiative to encourage organisations of all sizes and in all sectors, to protect their data and software from security breaches and threats. The process is a self-certification one where the business must be able to demonstrate appropriate IT infrastructure controls are in place to prevent cyber-attacks.
When these controls and software solutions are in place, they can complete the questionnaire and submit it for consideration by a certified Cyber Essentials body who will use the information to award (or deny) the accreditation.
Upon being successfully awarded the accreditation, organisations are free to use the Cyber Essentials logo as a quality stamp on their website and other platforms to demonstrate their attitude towards the importance of cyber security.
Why is it important?
There is an undeniable ever-increasing threat of cyber-crime worldwide. I have attended multiple seminars which relate to cyber-security and the message is always the same – it can happen to any business and no one is immune. Another important learning is that an organisation’s IT security is only ever as strong as the people who use the systems. So having gone through the process, we have ensured that IT security remains at the forefront of all our colleague’s minds as we go about our day jobs.
We need only look at the news outlets and type in “cyber-crime” as the topic to see article after article relating to security hacks and breaches. At time of writing, there are over 10 different articles relating to this in March 2018. We therefore felt it important that we step-up our own controls to help mitigate against a possible breach.
A further importance relates to the advent of the General Data Protection Regulation (GDPR) and the emphasis that the regulation places on keeping data secure and handling it in an appropriate manner. We are currently advising clients on their own GDPR compliance requirements, supplying them with updated documentation and helping them train their staff on the necessary areas through our E-learning platform. We felt it essential that we are able to walk the walk as well as talk the talk on this front.
How did we obtain it?
The key changes required from our existing set-up in order to obtain our Cyber-Essentials accreditation related to our anti-virus software and sharpening up some of our internal processes.
We had our IT support consultants Microsys guiding and supporting us at each stage. They installed an enhanced firewall then worked with us to ensure we took the appropriate steps towards password management, data encryption and multi-factor authentication for signing into our key systems.
Whilst we remain ever-cautious and ever-vigilant in a constantly moving environment, the entire experience has been extremely beneficial to the organisation, not least through obtaining the accreditation and knowing we can demonstrate our commitment to this issue!