Consider IT becomes CREST member

Consider IT is proud to announce that we are now a member of CREST following an extensive and rigorous assessment of our internal business processes, security methodologies, and overall data security. This further highlights our commitment to cyber security and to our clients.

Stuart Gilbertson, Managing Director of Consider IT, said: “For years, Consider IT has acknowledged that more responsibility needs to be taken by IT Support companies. There are no barriers to entry and no formal requirements to become an ‘IT Support Company’ or ‘Managed Service Provider’. Therefore, the only way to affirm quality within the business is to achieve membership or certification from recognised third-party bodies or standards. I’m delighted to confirm that today we achieved yet another milestone in our long-term plans to be superior. Our team adopt an innovative and rigorous approach to security and as such we have been acknowledged for doing so. We plan on rolling out Cyber Essentials to all clients as standard, and moving onto penetration testing when the time is right.”

As a result of the recent membership, Consider IT is now an official Certifying Body for the Cyber Essentials scheme.

About CREST

CREST is a not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognised accreditation for organisations providing technical security services and professional level certifications for individuals providing penetration testing, cyber incident response, threat intelligence and security operations centre (SOC) services. CREST Member companies undergo regular and stringent assessment, whilst CREST certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence. To ensure currency of knowledge in fast changing technical security environments the certification process is repeated every three years.

The Department for Digital, Culture, Media and Sport, who are responsible for data protection laws, have made an “IT 101” basic blunder when sending an email out to 300 recipients.

In the embarrassing incident, the department have sent the email with the 300 contacts in the CC field, rather than the BCC field. The CC field will show all recipients who is on the email chain, whereas BCC (Blind Carbon Copy) will hide that information.

Digital Minister Margot James said “It was an error and we’re evaluating at the moment whether that was a breach of data protection law.”

A DCMS Spokesperson said: “In sending a news release to journalists an administrative, human error meant email addresses could be seen by others. DCMS takes data privacy extremely seriously and we apologise to those affected.”

This isn’t the first time the DCMS have been in hot water over data protection rules. During their recently launched Windrush compensation scheme, they inadvertently shared the contact details of migrants in an email about the scheme. Five batches of emails, each with 100 recipients, were sent out.

In that case, Immigration Minister Caroline Nokes apologised for what she put down as an “administrative error”, rather than lack of staff training or incompetence.