Cyber Essentials is a scheme that helps organisations in the UK and Canada shore up their online security systems – and some sectors appear to be more switched on to its benefits than others.
We address why the scheme is so vital in our blog post “So just how essential is Cyber Essentials? Here’s three reasons why you need it”.
Our latest toolkit is designed to help those who want to take steps to avoid becoming the victim of viruses, phishing attacks and theft of client data.
And while the scheme is a godsend whichever industry you’re working in, there are a few sectors – private and public – where it’s absolutely vital.
Here’s our top five:
According to an Accountancy Today report recommending Cyber Essentials, accountants are at particularly high risk of cyber attacks because they hold such a large amount of personal and sensitive data for both individuals and businesses.
Accountants are also required to collect client “ID evidence”, which is used to verify account holders and protect against money laundering. This data, says the report, is a “would-be hacker’s dream”.
“Accountants often include payroll and bank account management in their services, for which clients grant them full access,” the article continues. “A cyber attack could therefore result in transfers being made to a rogue bank account and potentially large sums of money being lost.
“So it’s not hard to see how a security breach could be a big problem, not just for the business itself, but also for the clients on their books. A breach would have a domino effect, compromising the data of any individual or business they held information for.”
The legal sector is another area at high risk of cyber attack. This has led to a change in regulations, meaning that companies trading with a Lexcel accreditation should be Cyber Essentials certified.
The Lexcel accreditation is awarded by the Law Society. The updated Lexcel England and Wales Version 6.1 Standard for Legal Practices insists that data regulations and cyber security should be a top priority for all Lexcel law firms.
A report on the Today’s Conveyancer news website states that the UK is listed as the tenth most vulnerable EU nation when it comes to cyber attacks.
The new regulation states that “all practices should have an information management and security policy, and should be accredited against Cyber Essentials”.
The report states that the use of “should” emphasises the importance that the Law Society places on Cyber Essentials certification. As stated above, the scheme is not mandatory – at least, not yet.
Universities and colleges have also been warned they are at increased risk from hackers – and should focus their IT budgets on cyber security.
Writing on the out-law.com legal news site, cyber expert David McIlwaine warns that the higher education sector is perhaps more susceptible to attacks than even major corporations.
“They have smaller IT budgets and their IT estate is often old and disparate, containing multiple points of vulnerability,” he writes. “Campuses, too, are often spread across multiple locations, and buildings can be widely accessible.
“In addition, unlike staff working for major businesses who may have access to cybersecurity training, face contractual obligations and are more likely to operate more cautiously given the prevailing cyber risks, students are perhaps less aware of the risks or less bothered about the potential consequences of clicking on suspicious communications, enhancing the risk that intruders will gain access to other networked devices and data.”
He also points out that much of the data held by universities and colleges will be classed as personal data, held on a range of back-office systems.
As well as referring to strict adherence to the General Data Protection Regulation (GDPR), he highlights the Cyber Essentials scheme and points out that “limited cyber insurance indemnities are also on offer for institutions that gain accreditation”.
There are literally thousands of local authorities in the UK – right from tiny parish councils to the huge metropolitan and London boroughs. It’s a similar situation in Canada.
But while there’s a huge gulf between the functions they carry out, they all have one thing in common – they all use computers, and they all need to be cyber savvy.
In its guide, A Councillor’s Guide to Cyber Security, the Local Government Association recommends Cyber Essentials.
The guide states: “Not only is cyber security crucial to ensuring services are kept up and running, it is also vital to ensuring the public trust councils with their information.
“A cyber attack could have very serious consequences, both in terms of disrupting services – many of which serve the most vulnerable – and by damaging a council’s reputation.
“Healthy cyber security is therefore key to the efficient and productive running of every council.”
Finally, just because the “big boys” might make the headlines when they get hacked (think the NHS with the WannaCry breach, or Equifax with its well-publicised 2017 hack), this doesn’t mean SMEs are immune.
Far from it. Because smaller firms have fewer staff, cyber security can be way down on the list of priorities, or overlooked altogether.
The University of South Wales reports that, in the UK’s most recent Cyber Security Breaches survey, 42 per cent of small businesses were breached in the previous 12 months, with a fifth of them taking a day or more to recover from cyber attacks.
The report continues: “And whilst three quarters of the owners of small firms consider cyber security to be a high priority, only 26 per cent have a formal cyber security policy, and less than one in five train their staff to be cyber aware.”
In recommending Cyber Essentials, it adds: “Businesses would never leave their premises open at all hours without anyone there, or their cash in the tills overnight.
“Yet in a world where more and more business is being done online, the importance of protecting your business from electronic thieves seems to be something that many firms still need to address properly.”
In a nutshell, more and more regulatory authorities are becoming switched on to Cyber Essentials and recommending its benefits to the organisations they represent. Can your organisation afford to be without it?