Cyber Essentials and Contractors

Collaborative work environments have become the norm in today's business landscape. Many organisations are gaining a competitive edge by partnering with external contractors for services that range from IT support to accounting. Regardless of their physical location or employment status, these contractors usually access the company's data through an internal network or cloud platforms. This accessibility, while a boon for productivity, poses significant security challenges, necessitating stringent measures to protect business-critical and sensitive information.

One such measure is the Cyber Essentials scheme, a UK Government-backed certification that sets minimum cybersecurity standards for any device accessing company data. This extends beyond formal employees and on-site equipment to include board members, advisors, volunteers, contractors, and their 'BYOD' (Bring Your Own Device) gadgets used to access work emails and cloud services. Adherence to Cyber Essentials ensures that contractors, too, meet these baseline security controls, reducing your organisation's exposure to cybersecurity threats.

Let's delve deeper into three strategies that help ensure your contractors comply with the Cyber Essentials guidelines.

Strategy 1

Making Cyber Essentials certification a prerequisite for contractors is a proactive approach to cybersecurity. By integrating this standard throughout the contractor supply chain, you ensure their equipment complies with the necessary safeguards. It remains your responsibility to further protect the accounts contractors use to reach your data with measures like multi-factor authentication, which offers an additional layer of data protection.

Strategy 2

You can also bring the contractors' devices and accounts under your company's Cyber Essentials certification. This requires meticulous documentation of their devices, enforcing firewall controls, and requiring a corporate VPN for secure connections. Access control and password regulation form the bedrock of this strategy, as does the implementation of a comprehensive BYOD policy. By addressing device updates, firewall settings, password regulations, and the installation of anti-malware solutions, you effectively safeguard your cloud-based services against security breaches.

Strategy 3

Lastly, providing contractors with organisation-managed devices offers you complete control over the security measures on these devices. However, this can carry tax-related implications, making it essential to consult a tax advisor or HMRC first.

Choosing a strategy depends on your organisation's dealings with its contractors and the nature of the data being accessed.
