09 Jan IASME Consortium – Certifying the Providers of Cyber Essentials
Forensic Control are Cyber Essentials assessors. As a Cyber Essentials certifying body, we are officially government-qualified to help organisations like yours prevent the most common internet attacks and breaches, helping you reduce the risks to your revenue, data, reputation, brand values, systems and intellectual property. In this post we’re taking a look at IASME, one of just four UK government-appointed Cyber Essentials accreditation bodies, who have accredited us to be Cyber Essentials assessors.
About the IASME Consortium
The IASME organisation assesses and certifies organisations against two standards, the IASME Governance Standard and the Cyber Essentials Scheme.
Their governance standard is firmly based on international best practice. It is strongly risk-based and as such covers items like the importance of physical security, the vital role played by staff awareness and – of course – essential data backup.
As you know, security issues around IT can easily prove the downfall of a business, whatever its size. The wisdom and insight the standard delivers to small UK businesses is invaluable, helping organisations like yours to properly secure IT systems and data.
The IASME standard has been widely recognised in the business world as the best cyber security standard for SMEs provided by the government, praised by trade associations and industry groups alike.
The excellent IASME Standard – Developed with small business best practice in mind
The international standard, ISO27001, is famously comprehensive. But at the same time, it is extremely challenging for SMEs to both achieve and maintain. The IASME certification complies with ISO27001, the respected specification for information security management systems that covers the legal, physical and technical controls involved in an organisation’s information risk management processes. The IASME standard was carefully developed over several years thanks to a government Technology Strategy Board, funded to provide an achievable cyber security standard for small companies.
The IASME standard comes with important similarities and differences. It’s written along the same lines but designed specifically for small companies, realistic and affordable, a gold standard that clearly demonstrates your business has achieved good baseline compliance with international standards.
· Downloading software updates in a timely fashion, as they become available
· Using strong, hacker-proof passwords
· Deleting suspicious email messages without clicking on them or opening them
· Using good anti-virus and anti-malware products as a matter of course
· Training your staff in how to protect the systems and tools they use
Who threatens your business?
So who, exactly, could pose a threat to your business? Perhaps a disgruntled employee or customer. Maybe someone who compromises your systems or information by accident, or because of negligence. It might be a criminal who wants to steal valuable data or money, simply because they’ve taken a dislike to what you do. It can even be competing businesses who want to grab an unfair advantage.
People can steal your equipment or use it without being authorised. Someone could make a remote attack on your business systems or even your website. It could mean they attack the information held in third party systems, for example any hosted services you use or – frighteningly – your business bank account. It can also mean getting access to information through your employees.
The IASME standard also comes at a reasonable cost, affordable to smaller organisations. It lets all the SMEs in a supply chain prove a good level of cyber security and prove they know exactly how to protect customer data properly. In a competitive world, it means a lot and provides a small yet perfectly formed competitive advantage. Once you’ve achieved the standard, everyone who deals with you understands that you are dedicated to IT security best practice.
Why the Cyber Essentials Scheme is such a good thing
The scheme homes in on the top five technical security controls that affect small businesses in Britain. Once your business has a handle on them, there’s no reason why you can’t stop the majority of common cyber attacks in their tracks. It’s great news when you’d rather focus your energies on growing your business than spend all your time fighting to protect it from mischief makers, hackers and fraudsters.
As one UK government guide says:
“Most companies now use the internet to do business to advertise and sell, find new markets, customers and staff, communicate with customers and suppliers, and carry out financial transactions. The internet brings huge business opportunities and benefits. But it also brings risks. Every day there are attacks on the IT systems of UK companies like yours, attempting to steal your information and money, or disrupt your business.
You can never be totally safe, but most online attacks can be prevented or detected with basic security practices for your staff, processes and IT systems. These security practices are as important as locking your doors or putting your cash in a safe. You can manage your online security in the same way you would protect any other aspect of your business. With more customers demanding that their suppliers are secure, this is becoming a business necessity.
You can save money through adopting an efficient risk management approach – plan, implement and review. You can gain a competitive advantage by being seen to take security seriously – gaining the Cyber Essentials badge will help you do this. Good security can be an enabler for a thriving business: you will be protecting your assets, your reputation, your customers, and your peace of mind.”
Read our previous post about why we became a Cyber Essentials Assessor.
If you’d like to protect your small business against everyday cyber threats, Cyber Essentials is an excellent way to do it. Call us if you’d like to explore IT security and protect your interests.