How to reassure your customers that you’re looking after their data

Being able to prove that your business protects customer data is becoming more important by the day, and could even be the deciding factor as to whether they use your services or not.

Fortunately, there are a few ways your business can show that you take data protection seriously.

ISO27001

Often regarded as the gold standard for information security processes, ISO27001 is in line with international best practice and is suitable for businesses of all sizes and types.

Since 2009 ISO27001 certification has jumped by 450% and is recognised globally as the benchmark for good security practices. The process for becoming certified can be a long one, but by achieving certification your business will build good evidence towards demonstrating compliance with many laws such as GDPR and NIS Regulations.


Cyber Essentials

By obtaining a Cyber Essentials or, even better, a Cyber Essentials Plus certificate, your business can clearly demonstrate to your customers and partners that you are committed to protecting their data.

Cyber Essentials focuses on five technical controls. These are:

  • Firewalls - Ensure that only safe and necessary network services can be accessed from the Internet.
  • Secure configuration - Ensure that systems are configured in the most secure way for the needs of the organisation.
  • User access control - Ensure that only those who should have access to systems have it, and at the appropriate level.
  • Malware protection - Restrict execution of known malware and untrusted software, to prevent harmful code from causing damage or accessing sensitive data.
  • Patch management - Ensure that devices and software are not vulnerable to known security issues for which fixes are available.

Having the Cyber Essentials badge on your website and documentation makes you stand out from your competitors, provides reassurance to customers that you’re serious about tackling cyber risks, and gives your partners confidence that their data is in safe hands. This is particularly useful if you store personal information, such as financial details, or if you host commercially sensitive data.

What is Cyber Essentials Plus?

Unlike basic Cyber Essentials, Cyber Essentials Plus relies on independent testing of an organisation’s security controls. Cyber Essentials Plus is therefore more rigorous than the standard Cyber Essentials certification and provides a much greater level of security assurance.

This extra level of scrutiny is an excellent way for a business to clearly demonstrate to its partners and customers that it has gone the extra mile to secure the key areas that face cyber risks.

Attaining the certification also goes some way to ensuring that suitable access privileges to sensitive data and systems are in place and secure from malicious actors. Employees, too, cannot access sensitive areas that they shouldn’t, greatly reducing the insider threat risk.

Do I need both ISO27001 and Cyber Essentials?

Now, you may be thinking: why should I bother with Cyber Essentials if I already have ISO27001? The big difference is that ISO27001 is a management system, whereas Cyber Essentials is a set of specific technical security controls designed to mitigate the most common cybersecurity threats. Combining the two is highly beneficial, as it ensures that an organisation is not only protecting itself from the majority of online threats but also has good management arrangements in place.

With more and more people purchasing goods and doing their business online, can you afford not to have Cyber Essentials?

Read more: Reassure your customers with Cyber Essentials

Cyber Essentials Plus assessments with CyberScore

CyberScore enables organisations to quickly and easily assess their cybersecurity. It does this by giving you an understandable view of your security posture and creating a plan that lets you fix things in a prioritised way.

In addition, CyberScore customers can use the technology to assess their organisation against the requirements of Cyber Essentials Plus. Once any remedial action has been successfully completed, CyberScore produces a Cyber Essentials Plus certificate, which is then registered with the Scheme. It does all of this without the need for, or cost of, a traditional on-site visit by a specialist assessor.

For small and medium-sized businesses this is ideal, as it is a far more affordable approach to attaining Cyber Essentials Plus certification than the traditional manpower-intensive way.

Want to try CyberScore? Click here for a free trial - cyberscore.com/trial

For further reading:

Revolutionising Cyber Essentials Plus with CyberScore™

Where’s your business’s ‘crown jewels’ and how to protect them

The Business Benefits of Cyber Essentials Certification
