It won’t have escaped the notice of most small business owners that the GDPR, or General Data Protection Regulation, came into effect recently. This puts a lot more onus on businesses to protect data from customers and third parties and deal with it ethically and responsibly.
One of the major challenges for online businesses in general is maintaining a strong level of cybersecurity. Most depend on their IT support, whether in house or outsourced, to ensure that all levels of protection are met.
The truth is, however, that many businesses do not have a full understanding of where they are when it comes to online security.
The government is trying to get businesses to adopt good practice when it comes to cyber security and supports two levels of certification. The first is Cyber Essentials which is a self-assessment that demonstrates your business has the right measures in place to protect its customers and the data it holds. For example, it includes questions such as what security measures you have in place to prevent breaches and how you update staff to ensure that they keep data safe.
Cyber Essentials Plus is a step above this and means that your security has been evaluated by an independent assessor. This includes testing your systems to see if they are vulnerable in any way and making sure you have all the right security processes in place. It gives potential customers a lot more peace of mind when they are choosing to deal with your company in the first place.
It’s become increasingly difficult for customers to understand how secure the business they are dealing with is. Cyber Essentials Plus gives you the certification that you can add to your site which demonstrates you are complying with the latest requirements.
There are five main areas:
If you are not completely up to date when it comes to protecting your data or are not sure you have all the right measures in place, undertaking Cyber Essentials Plus accreditation can go a long way to solving this problem and ensuring you are GDPR compliant.