Cyber security is something that all companies, whatever their size, have to take seriously these days.
Recent figures released by Get Safe Online and the UK’s national fraud and cyber-crime reporting centre Action Fraud reveal that UK businesses reported losses of £1bn in the past year as a result of attacks on their IT systems. What’s more, the problem is likely to be bigger than this, as police say many cyber-crimes go unreported.
It’s an issue that we’ve certainly looked at addressing and we are currently working towards gaining Cyber Essentials certification. The Cyber Essentials scheme has been developed by Government and industry for two main reasons: (i) It provides clear guidelines that businesses should implement to mitigate the risk from common internet-based threats and (ii) it offers a mechanism for businesses to demonstrate to customers and investors that they have taken these precautions.
The Government has said that it will require all suppliers bidding for certain contracts to be Cyber Essentials certified and we’ve certainly seen private sector organisations and some of our customers also stipulate that companies in their supply chain fulfil this standard. This means unless we gain certification we will not be able to continue to do business with them, so not an option for us.
The areas that businesses need to look at under the scheme fall into five categories: boundary firewalls; secure configuration; access control; malware protection and patch management.
For our business the focus has been on auditing each of our machines in turn to check that the software we have is properly maintained and updated. Any software we have found that is out-of-date, we have had to either update it; get rid of it; or move it to a machine that is not connected to the internet.
This has presented us with some immediate challenges:
Another area we have looked at is the separation of personal and work digital content. I’m sure I’m not alone in having a laptop that I use for work but also for leisure – where I use the same e-mail tool for both work and personal email accounts, run applications such as Family Tree software and store photos of the family alongside work documentation.
Under the Cyber Essentials guidelines, it is recommended that people keep their online personal and work lives separate. This sounds fairly straightforward, but if put into place the likely outcome will be having a “work” machine at work and a personal machine at home. This is a definite change from the current situation whereby the “work” laptop goes on every night and is used for personal purposes. Going forwards, the “work” laptop is only likely to go home if work is planned in advance.
And while this all makes good sense from a cyber-security standpoint, it is a change that is likely to have both positive and negative consequences.
The outcome for the company will likely be negative, as not having my work files with me will hamper any attempts to do unplanned work. However, there is potentially a positive benefit from a work-life balance point of view.
With communication tools such as Skype and Outlook on for personal reasons it is very common to be contacted by a customer, colleague or associate in relation to a work matter. The temptation to make an instant response is too great and inevitably leads to me getting embroiled in work-related issues during down-time.
If work and personal content are kept separate, this is likely to happen less often, which is good news for all of us …except the cyber criminals that is.
To find out more about our mechanical design & engineering services, call us now on Tel: +44 (0)1277 261066 or email us at firstname.lastname@example.org