What is Cyber Essentials? and Why Your Business Needs It
Cyber Essentials (CE) is a simple but effective Government backed assessment scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.
Cyber Essentials helps you to guard against the most common cyber threats and demonstrates your commitment to cyber security, which can often become a requirement when tendering for work in both public and private sectors.
Your organisation will have to provide evidence against five technical controls (see below) to meet the requirements for Cyber Essentials certification.
Ever since the Cyber Essentials scheme was launched in 2014 - by the National Cyber Security Centre (NCSC), SMEs and large companies have used it to demonstrate their cybersecurity commitment and comply with industry regulations. Those conscientious companies that complete the scheme get themselves listed on a searchable register of certified businesses and organisations.
However, in 2019, still only 11% of businesses were aware of Cyber Essentials and what it means (Cyber Security Breaches Survey)
After completing the scheme, you will have achieved the basic Cyber Essentials certification. At this point, you have shown you have the essentials of cybersecurity in place. If you really want to prove to clients that you have robust cybersecurity procedures, then you will need to be verified by an independent expert. For that you will need to complete Cyber Essentials Plus.
Cyber Essentials requires recertification every 12 months, to ensure ongoing compliance.
Are you currently supplying, or wish to supply to the government?
If so, the UK Government has taken steps to further reduce the levels of cyber security risk in its supply chain through the Cyber Essentials scheme. It has made the scheme mandatory for central government contracts advertised after 1 October 2014 which involve handling personal information and providing certain ICT products and services.
Are you currently a risk to other businesses in your supply chain?
• For the first time, cyber incidents rank as the business risk causing most concern globally. Supply chains are increasingly integrated and complex. That means one cyber breach of a small supplier could have repercussions far beyond their own customers. Business and reputations are at risk. But with few resources to protect themselves, these businesses are often at greatest risk of cyber-attacks.
• It is essential that businesses today do all they can to protect themselves - but becoming cyber secure is not easy for small firms in your supply chain. Supply Chain Assurance today often comprises a tick-box exercise of ever-increasing volume and complexity. This is an onerous task for both supplier and enterprise alike and is often only a once-a-year exercise. Cyber Essentials certification can ensure standards in cyber security across your supply chains
What are the Certification Standards?
Cyber Essentials (the five technical controls) -
Self assessment - some 70+ questions covering the following topics:
• Boundary firewalls and internet gateways - that you have a secure internet connection
• Secure configuration - that you have the most secure settings turned on, on all your company devices
• User access control - that you have full control over who is accessing your data and services
• Malware protection - that you have protection in place against viruses and malware
• Patch management - that your devices and software are updated with the latest versions
Completed assessment must be input online
Cyber Essentials Plus -
• After completing the self-assessment portion (as above), an independent auditor will typically come to your location or remotely access your network.
• They will manually check for issues and make sure your assessment was correct.
• This could include testing anti-malware software by sending emails, checking for outdated software on a device, or testing how files are accessed by different users.
• Once the certification body deems your technical controls are acceptable, you will be certified and earn a place on the government’s directory of Cyber Essentials Plus compliant organisations.
• The certification signifies that your company has implemented all the cybersecurity measures necessary to protect customer data.
Would you like to show to your clients that your systems are secure?
PROTECT YOUR BUSINESS AGAINST SECURITY THREATS WITH 24/7 MONITORING
Over half of UK businesses suffer a cyberattack each year. So, for your business, the risk of a breach is very real. One problem is that cybersecurity can seem complex and costly, meaning many small businesses (SMEs) do not protect themselves as well as they could.
Cyber Essentials was created to afford the certificate holder protection against the majority of common Cyber Attacks. Cyber Essentials is a framework made up of five controls, which require continual monitoring to be most effective. If you don’t have the resources to perform this monitoring, our tool will do it for you ensuring that these five controls are working and in place 24/7.
This will maximise the benefits of Cyber Essentials and not leave your business open to a potential attack.
We oﬀer you the ability to achieve the (NCSC) recognised Cyber Essentials certiﬁcation, particularly relevant for service focused clients
We will provide your business with a solution that;
• Protects you against 99.3% of all common cybersecurity threats
• Ensures Cyber Essentials compliance
• Keeps what is important to you and you clients safe
now and long into the future.
Implementing our solution gives you the power to maintain your Cyber Essentials certificate every single day, ensuring your business and client data is secure.
Would you like us to assure your systems to a Govt recognised standard?
We can provide this assurance service as a one off project or roll Cyber Essentials certification into your existing service plan.