With yesterday’s release of the GFSC’s Cyber Security Rules & Guidance, 2021, our Head of Information Security, James Kelsh has commented on the recommendations.
Much as we were expecting, the GFSC’s Rules are based around the five core principles of Identify, Protect, Detect, Respond and Recover. Within these fall many of the requirements we have been delivering for our clients, including making sure appropriate cyber security software is in place, ensuring all IT systems updates are carried out, formulating the correct cyber security policies and regular employee cyber security training.
The GFSC’s Cyber Security Rules & Guidance also notes that there is not a ‘one size fits all approach to addressing cyber risks’ and suggests firms consider accreditation or certification from a recognised body, such as Cyber Essentials and Cyber Essentials Plus. As Guernsey’s first recognised Cyber Essentials, Cyber Essentials Plus and IASME certification centre, we regard these certifications as essential elements of a company’s cyber security framework. The GFSC also recognises that their guidance may also be used for non-licensed firms.
Although the Cyber Security Rules & Guidance, 2021 came into effect today, there is a transition period up until the 9th of August 2021. Putting the correct cyber security procedures in place takes time so we would urge any businesses who have not yet done so, to read the Guidance and then get in touch if they need help.