Blog Five Business Sectors that need Cyber Essentials

1. Chartered accountants

According to an Accountancy Today report recommending Cyber Essentials, accountants are at particularly high risk of cyber attacks because they hold such a large amount of personal and sensitive data for both individuals and businesses.

Accountants are also required to collect client “ID evidence”, which is used to verify account holders and protect against money laundering. This data, says the report, is a “would-be hacker’s dream”.

“Accountants often include payroll and bank account management in their services, for which clients grant them full access,” the article continues. “A cyber attack could therefore result in transfers being made to a rogue bank account and potentially large sums of money being lost.

“So it’s not hard to see how a security breach could be a big problem, not just for the business itself, but also for the clients on their books. A breach would have a domino effect, compromising the data of any individual or business they held information for.”

2. Law firms

The legal sector is another area at high risk of cyber attack. This has led to a change in regulations, meaning that companies trading with a Lexcel accreditation should be Cyber Essentials certified.

The Lexcel accreditation is awarded by the Law Society. The updated Lexcel England and Wales Version 6.1 Standard for Legal Practices insists that data regulations and cyber security should be a top priority for all Lexcel law firms.

A report on the Today’s Conveyancer news website states that the UK is listed as the tenth most vulnerable EU nation when it comes to cyber attacks.

The new regulation states that “all practices should have an information management and security policy, and should be accredited against Cyber Essentials”.

The report states that the use of “should” emphasises the importance that the Law Society places on Cyber Essentials certification. As stated above, the scheme is not mandatory – at least, not yet.

3. Higher education.

Universities and colleges have also been warned they are at increased risk from hackers – and should focus their IT budgets on cyber security.

Writing on the out-law.com legal news site, cyber expert David McIlwaine warns that the higher education sector is perhaps more susceptible to attacks than even major corporations.

“They have smaller IT budgets and their IT estate is often old and disparate, containing multiple points of vulnerability,” he writes. “Campuses, too, are often spread across multiple locations, and buildings can be widely accessible.

“In addition, unlike staff working for major businesses who may have access to cybersecurity training, face contractual obligations and are more likely to operate more cautiously given the prevailing cyber risks, students are perhaps less aware of the risks or less bothered about the potential consequences of clicking on suspicious communications, enhancing the risk that intruders will gain access to other networked devices and data.”

He also points out that much of the data held by universities and colleges will be classed as personal data, held on a range of back-office systems.

As well as referring to strict adherence to the General Data Protection Regulation (GDPR), he highlights the Cyber Essentials scheme and points out that “limited cyber insurance indemnities are also on offer for institutions that gain accreditation”.

4. Local government

There are literally thousands of local authorities in the UK – right from tiny parish councils to the huge metropolitan and London boroughs. It’s a similar situation in Canada.

But while there’s a huge gulf between the functions they carry out, they all have one thing in common – they all use computers, and they all need to be cyber savvy.

In its guide, A Councillor’s Guide to Cyber Security, the Local Government Association recommends Cyber Essentials.

The guide states: “Not only is cyber security crucial to ensuring services are kept up and running, it is also vital to ensuring the public trust councils with their information.

“A cyber attack could have very serious consequences, both in terms of disrupting services – many of which serve the most vulnerable – and by damaging a council’s reputation.

“Healthy cyber security is therefore key to the efficient and productive running of every council.”

5. Small businesses

Finally, just because the “big boys” might make the headlines when they get hacked (think NHS with the Wannacry breach, or Equifax with its well publicised 2017 hack) this doesn’t mean SMEs are immune.

Far from it, because smaller firms have fewer staff, this can mean cyber security is way down on the list of priorities, or overlooked altogether.

The University of South Wales reports that, in the UK’s most recent Cyber Security Breaches survey, 42 per cent of small businesses were breached in the previous 12 months, with a fifth of them taking a day or more to recover from cyber attacks.

The report continues: “And whilst three quarters of the owners of small firms consider cyber security to be a high priority, only 26 per cent have a formal cyber security policy, and less than one in five train their staff to be cyber aware.”

In recommending Cyber Essentials, it adds: “Businesses would never leave their premises open at all hours without anyone there, or their cash in the tills overnight.

“Yet in a world where more and more business is being done online, the importance of protecting your business from electronic thieves seems to be something that many firms still need to address properly.”

Conclusion

In a nutshell, more and more regulatory authorities are becoming switched on to Cyber Essentials and recommending its benefits to the organisations they represent. Can your organisation afford to be without it?

Read more about Cyber Essentials in our blog piece here.

More Cyber Essentials Resources

CertiKit is a provider of document toolkits and has helped more than 4000 organizations worldwide with their compliance.

For more guidance on implementing the Cyber Essentials scheme, we’ve put together a list of our best free resources including sample documents, blogs and downloadable documents.

Free Cyber Essentials Resources