Strengthening cyber security in the healthcare sector
Phoenix

Strengthening cyber security in the healthcare sector

Photo of Tracey Hannan-JonesFollowing the announcement that “The Department for Digital, Culture, Media and Sport (DCMS) has put up £500,000 to support small and medium sized businesses in the healthcare sector strengthen their cyber security”, Tracey Hannan-Jones (Security Sales Consultant at Phoenix) takes a look at what this means for you.

“We live in an interesting time don’t we. In 2017, we saw WannaCry and the attack on our treasured NHS, which we dealt with and continued to fight the good fight. However, this global pandemic, has seen the unscrupulous threat actors heighten their threats in an attempt to steal intellectual property and personal identifiable data. As we continue to keep our NHS services running, help in the race for a vaccine and in doing so, cement the wealth and kudos of doing so, this is creating a new heightened landscape to steal research data.

The DCMS funding has been designed to support the costs for consultancy and certification for Cyber Essentials, which will ensure that smaller organisations can receive all necessary guidance and support to get accreditation.

The funds can be offset to look at your organisation’s cyber security risk posture and assist in the development and implementation of a business continuity plan. However, the funding available may only be enough to begin the processes.

Why Cyber Essentials?

There are two versions and they kick-start your journey into cyber security.  The below diagram demonstrates risk maturity:

Cyber Resilience Maturity Level

As you can see, over and above your entry point of keeping the lights on, the next step on the rung to fighting cyber criminals is Cyber Essentials, followed by Cyber Essentials Plus.

What’s the difference?

Cost, resource, requisites….

  • Cyber Essentials [Basic] is a self-certification process – you supply answers to an IASME certified questionnaire (with evidence) and the application is marked by a certification bodies – Phoenix works with EvolveNorth. Our service additionally includes a pre-review prior to submission to ensure your submission is right first time and avoids rejection and the need to pay again.
  • Cyber Essentials [PLUS] involves an external, independent vulnerability scan. This means that one of our certification bodies will visit your office and perform a test that is in line with the Cyber Essentials requirements. Every certification body will have the same test process. We work with you to ensure that the hidden ‘gotchas’ are known, for example, not patching a critical server within 14 days of its release can results in a CE Plus fail, and you have to start it all over again!

What does it cost?

Unlike Cyber Essentials, which starts at £300+VAT for self-assessment, Cyber Essential Plus is priced differently and boils down to these 4 elements:

    • Number of employees
    • Number & configuration of workstations
    • Number of offices
    • Complexity of network

We’ve got ISO 27001, so I don’t need Cyber Essentials – do I?

Well, yes and no – it really depends on if your organisation is requesting that you have Cyber Essentials certification. While ISO 27001 (see above maturity risk diagram) is a more comprehensive and thorough certification across 114 controls (vs. Cyber Essentials five), Cyber Essentials is designed to ensure that the core elements of your security are in line with the NCSC’s standards – so having ISO 27001 does not guarantee compliance nor trump Cyber Essentials.

How to claim funding?

Cyber Skills Immediate Impact Fund

Guidelines for applications and eligibility criteria
Fiona Bowman

See all posts by Fiona Bowman

Want to know more?

Get in touch with your Phoenix Account Manager who can set up a call with one of our Cyber Security, Risk and Governance Consultants. We can then discuss and support you in making the right decision and completing your application for the correct Cyber Essentials services.

Call us on 01904 562200, email [email protected] or complete the form opposite:

Source Article:
https://www.ukauthority.com/articles/dcms-provides-funds-for-cyber-security-in-health-sector



About Phoenix

Phoenix enables digital transformation in the workplace, empowering UK organisations to innovate and transform with cloud and hybrid infrastructures data, AI, security, and collaboration tools. By understanding the individual goals of its customers, Phoenix delivers remarkable, outcome-focused IT solutions and services that allow UK organisations to make a difference to the lives of their employees, service users, and communities.

Phoenix is a signatory on the Race at Work Charter, and a Disability Confident and Living Wage employer. The company is also actively involved in encouraging more women into the IT industry.

 

How we handle data  |  Unsubscribe

Recent Blog Posts

  • 04-04-2024 - As we innovate, QR codes are becoming commonplace. From accessing restaurant menus to event tickets, QR codes offer convenience and...... Read more
  • 03-04-2024 - From 15 July 2024, Adobe will no longer be selling Acrobat Standard 2020 and Acrobat Pro 2020 licences in the...... Read more
  • 25-03-2024 - As organisations worldwide become more aware of their environmental impact, the concept of green technology has emerged as a simple...... Read more

Sign Up

Please enter your details below to opt-in for the latest news, events and industry updates from Phoenix.

©2024 Phoenix Software All Rights Reserved. Phoenix Software Limited is a company registered in England and Wales, with company number 02548628 and VAT number GB 755 3490 15. Registered Address: Blenheim House, York Road, Pocklington, York, YO42 1NS