Cybersecurity Hygiene
- Purpose: Empower SMEs to reach and maintain a minimum level of cybersecurity by following prescribed control measures.
- Framework: Consists of a set of required actions (the Cyber-Hygiene Framework) and a path to official certification by accredited bodies.
- Alignment: The initiative supports compliance with EU and international regulations, such as ISO/IEC 27001, and the Cyprus National Cybersecurity Strategy.
Core Control Measures (for Certification)
The framework is built around 11 key control areas, which an SME must implement and demonstrate, including:
- Security Policy: Clear policies approved and reviewed by senior management.
- Awareness and Training: Regular staff and user education on cybersecurity best practices.
- Risk Assessment: Systematic identification, analysis, and evaluation of risks.
- Access Control: Mechanisms to manage and verify user access to data and systems.
- Asset Management: Inventory and protect digital and physical information assets.
- Operations Security: Procedures for system updates, configuration, and monitoring.
- Backup and Recovery: Secure regular backups and recovery plans.
- Security Incident Management: Policies for detection, response, and reporting of incidents.
- Physical Security: Protection of physical assets from natural or man-made threats.
- Data Protection: Compliance with GDPR and a comprehensive privacy policy.
- Operational Impact Analysis: Business impact assessment to inform mitigation strategies.
Main Benefits
The NCC CY Cybersecurity Hygiene Initiative equips SMEs with the knowledge, tools, and certified processes necessary to build cyber resilience and business credibility in the digital era.
- Reduced Risk: Systematic approach to detecting and mitigating cyber threats.
- Market Confidence: Certified SMEs boost client, partner, and investor trust.
- Regulatory Compliance: Alignment with EU, Cyprus, and international cybersecurity rules.
- Access to Funding: Subsidies help SMEs overcome cost barriers to robust cybersecurity.
- Reputation: Demonstrates a proactive, responsible stance on digital protection.
How CBA can help you.
Our solid approach and experience will help you implement the solid steps to certification and maintaining certification, including:
- Gap Analysis: Assess the SME’s current cybersecurity posture versus framework requirements.
- Action plan & Implementation: Deploy policies, technologies, and staff training to address identified gaps.
- Official Certification: Successful SMEs receive the Cyber-Hygiene certificate, confirming compliance.