24 Sep Cyber Essentials – An introduction
The modern world of work is full of cyber security vulnerabilities, so it is essential that you do everything in your power to ensure the prolonged security of your systems, systems that contain your clients’ sensitive data. That is where Cyber Essentials comes in.
Cyber Essentials is a government-backed scheme designed to assist businesses in protecting themselves from online threats. Since the scheme was released on the 5th June 2014, over 30,000 businesses countrywide have achieved the highly coveted accreditation.
The Cyber Essentials accreditation can be split into five categories, all of which must be implemented and maintained to a certain high standard. They are as follows:
- Secure Configuration
- Applying Access Controls
- Anti-Malware measures
- System maintenance.
Sounds like a lot of effort, doesn’t it? I agree, so why would you go to all the effort of getting a certification in the first place?
Why bother with Cyber Essentials?
Once the measures are in place to achieve the Cyber Essentials accreditation, it is estimated that you are protected against roughly 80% of threats – not a number to frown about at all. The Cyber Essentials accreditation is also very well received by a lot of businesses, and, Government departments require you to have it just to bid for their contracts! Depending on the sensitivity of the data being handled, they may want you to have the slightly superior Cyber Essentials Plus package. Cyber Essentials will also help you satisfy the security principles of GDPR and reassure you that you are compliant to the regulations, in turn making it a good investment not just for now but also into the future. It also evokes a lot of trust from customers – having an accreditation to show that you can not only talk the talk when it comes to cyber security but also walk the walk will also likely have great reputational benefits for the organisation.
Now you know the benefits of being Cyber Essentials certified let’s take a look at how to achieve it. We will explore both grades of certification (Cyber Essentials and Cyber Essentials Plus) so you can decide what will be best for your organisation.
Cyber Essentials is the most basic (but by no means inferior) level certification an organisation can achieve to become Cyber Essentials qualified. The process you will go through for this one is very much a D.I.Y. led approach; a representative of the business needs to complete a detailed online application. The form requests the applicant to complete a number of statements, each linking back to the five key controls of Cyber Essentials, all of which are designed to give the accreditation body scope to understand the breadth and depth of best practice processes deployed within the applicant business that need to be compliant to CE guidelines.
Cyber Essentials Plus
Cyber Essentials Plus is a more rigorous test of an organisation’s cyber security defences and procedures. As previously mentioned, some Government contracts will require you to have the Cyber Essentials Plus accreditation, but this aside – whether you are interested in Government contracts or not – it is a good statement to make, especially if you have staff working from home, for example, or members of the team have access to your premises.
So far they sound the same, and they nearly are, but, unlike the standard Cyber Essentials accreditation, with the Plus version the accreditation body is required to conduct an on-site assessment and a complete technical scan of your entire technological landscape. By doing this they can see whether you are compliant to Cyber Essentials guidelines and expectations at the superior Plus grade.
In the remaining articles in the series, we will explore the five categories we mentioned earlier and discover what needs to be done to pass.
Cyber Essentials Accreditation achieved
We understand the importance of top-level cyber security in your organisation. Our team of experts will help guide you to Cyber Essentials Accreditation and a secure future. We will ensure that you feel confident with the new tools that were implemented which made achieving the certification possible. Contact us now and find out how we can help you transform your digital landscape into a fortress that cyber criminals haven’t got a chance of being able to penetrate.