How to avoid denial and face your cyber security duties
If your mate, Dennis, takes care of your IT, or you have support from a professionally managed service provider, surely they will deal with cyber security issues too? Unfortunately not. If you are the business owner, the responsibility for the controls, the passwords, the accounts and the potential data breach is yours alone.
Yes, the third party who ‘helps’ you with your IT systems is accountable for their actions, but, it is you who pays for the licenses to run your business on those machines and you are responsible for those actions. It is impossible to pass that responsibility on and say it’s not your problem.
Because of the seriousness of the responsibility of IT security, the process of certifying to Cyber Essentials is not a simple check list. Instead, it is an educational process of awareness and understanding that informs a new or different way of doing business. In the same way that interest and awareness of health flows into changed lifestyle choices, so does an awareness of cyber security bring changed business choices and cyber hygiene practises.
When it comes to cyber security, everyone would love a short cut. But you cannot blindly pass on the Cyber Essentials questionnaire to your IT company and be in denial. The business owner is ultimately responsible and accountable for the answers and must sign their name to acknowledge that.
As a minimum baseline scheme, Cyber Essentials is already the most direct and effective route.
Don’t worry, help is at hand. As part of your cyber security journey, Cyber Essentials offers educational guidance and support to help non technical people.
More guidance about answering the Cyber Essentials assessment questions for single person organisations is in development.
Learn more here