With enforcement of the EU General Data Protection Regulation (GDPR) pending, many businesses are extremely busy preparing for a new era in privacy regulation. Late last year, I was advised to ‘hang on to all & any compliance frameworks you can’ (re GDPR), and ‘Cyber Essentials’ was one such certification scheme mentioned at that time.
The aim of being Cyber Essentials certified is to help organizations like yours and mine safeguard sensitive data by implementing reasonable security measures, much like GDPR specifications that aim to strengthen data protection.
The Cyber Essentials security standard spans five security control areas:
- Boundary firewalls and internet gateways: Making these an integral part of network security helps prevent attackers from reaching computers that have vulnerable software installed.
- Secure configuration: This helps minimize the potential exploitation of vulnerabilities. Steps include fundamental cyber hygiene such as avoiding the use of default passwords.
- User access control: Organizations must ensure everyone has the appropriate access to data for the role that they are performing.
- Malware protection: Organizations must make sure that virus and malware protection is installed and is up to date.
- Patch management: Timely application of patches should be a priority for preventing breaches.
As one of the team from the SOUTH WALES CYBER SECURITY CLUSTER once told me … being Cyber Essentials certified builds customer confidence in you as a service provider, showing them that you take security, and in turn privacy, very seriously.
After four years of preparation and debate, the GDPR was finally approved by the EU Parliament on 14 April 2016.
Enforcement date: 25 May 2018 … after which organizations that are not in compliance may face heavy fines.