What is the risk?

Cybersecurity is a particularly important commercial consideration, particularly given the shift towards hybrid working and business digitization following the pandemic.

As working practices become more automated and digitised, the threat of cyber-attacks has increased, rendering cybersecurity even more important. The primary purpose of cybersecurity is to prevent unauthorised access to personal information that is commonly stored online.

PQQs and cybersecurity

Increasingly, businesses are being asked, as part of buyer pre-qualification, to show their cyber-resilience in order to be able to tender for work. The construction prequalification Common Assessment Standard is an industry-agreed question set that provides basic assurance to construction buyers.

CAS is being increasingly adopted throughout the construction supply chain and the latest set of assurance questions, issued by construction umbrella body Build UK this spring, include enquiries about cyber-resilience, systems, processes and accreditation.

To help construction businesses of all sizes defend themselves from cybercrime, the Government has backed an initiative called “Cyber Essentials”. Cyber Essentials is designed to help protect your organisation against a wide range of cyber-attacks, and if provides a way of successfully answering the cyber security questions in the CAS.

What is Cyber Essentials?

Cyber Essentials is a Government-backed certification scheme managed by the National Cyber Security Council (NCSC). It is designed to help organisations of any size understand what they need to do to protect themselves against a wide range of common cyber-attacks.  There are two levels of fee-based certification:

1. Cyber Essentials (self-assessed verification); and
2. Cyber Essentials Plus (externally assessed verification)

The Cyber Essentials Plus certification includes an audit of your IT systems by a technical expert.  Both assessments can be completed online on payment of the appropriate fee and involve an online self-assessment questionnaire followed by a signed declaration to confirm that all answers are accurate. This questionnaire is free to download at: www.iasme.co.uk.

ECA recommends businesses use the Cyber Essentials Readiness Toolkit before taking the Cyber Essentials self-assessment. This free service aims to test your readiness for the cybersecurity assessment by first:

• encouraging you to consider cyber security in your organisation, and then
• creating a personal action plan to help your business move towards the Cyber Essentials requirements.

Like the Cyber Essentials certifications, it takes the form of a questionnaire.

Practical advice

NCSC also provides guidance which includes preparing staff for home working, spotting email scams and controlling access to corporate systems when working remotely.

To start actively applying basic cyber security measures today, five technical measures that you can implement immediately are:

1. Use a firewall to secure your internet connection;
2. Choose the most secure settings for your devices and software;
3. Control who has access to your data and services;
4. Protect yourself from viruses and other malware; and
5. Keep your devices and software up to date.

The NSCS has published a 17-page guide on the evidence you will need to meet the requirements for Cyber Essentials certification please click here to find out more.