As the risk around cyber becomes more widely understood, the list of people who want to know more about your cyber readiness grows ever longer. Auditors, insurers, customers, and suppliers are all making enquiries, wanting evidence of the steps you have taken to protect your business, their business, and the interests of shareholders and other stakeholders. They will have a view, and you will need to decide where your business needs to be on the continuum from “at great risk” to “has taken all reasonable precautions.” There are five recognised steps on the journey between the two:
The first is our own TSG CyberControl. In the course of providing support services, we regularly connect to customers' systems. We need to know that some basics are in place.
The second is Cyber Essentials. This is the bare minimum that the Government’s own National Cyber Security Centre believes that you should have in place.
The third is Cyber Essentials +. As the name would suggest, this is an extension of the original Cyber Essentials but comes with an external audit, and is likely to become the Government’s baseline recommendation very shortly.
The fourth is NIS2. This is an EU directive that member states – and EU companies that provide critical services – must now comply with. Think about this as a gold standard.
The fifth is ISO 27001. This is a voluntary standard that provides a framework for building an information security management system. It’s appropriate for organisations in any industry. Think about this as another gold standard.
How Can TSG Help?
When you’ve decided which accreditation is appropriate, you’ll need to assess the gap between where you are today and the requirements of that standard. We can undertake that gap analysis on your behalf and help you make a plan to close it. Some parts of the plan might involve hardware and software; the more significant gaps may relate to people and processes. We’ll help you work through all of it, prioritising those changes that will have the biggest impact on your cyber readiness. Accreditations are useful – they may even be necessary – but the real objective is to secure your business: to ensure that you can continue to trade in the event of an attack and protect the data that you retain regarding customers, suppliers, staff, and your own IP.
If you need to show that you are cyber ready – and need help to do so – please fill in this form.