1. What is Cyber Essentials?
The Cyber Essentials scheme is an effective, affordable UK government programme designed to help public and private organisations protect themselves against common cyber-attacks.
The scheme was launched in 2014 as part of the UK’s National Cyber Security Strategy and is intended to promote good Cyber Security practices and raise the general level of Cyber Security in the UK.
The National Cyber Security Centre says, ‘Cyber-attacks come in many shapes and sizes, but the vast majority are very basic, carried out by relatively unskilled individuals. They’re the digital equivalent of a thief trying your front door to see if it’s unlocked. Our advice is designed to prevent these attacks.’
There are 2 levels of certification:
- Cyber Essentials
The self-assessment option guards your business against a wide variety of the most common cyber-attacks. This protection is important because vulnerability to basic attacks can single you out as the focus for more unwelcome scrutiny from cybercriminals.
Certification gives you peace of mind that your defences will protect against the most common cyber-attacks simply because hackers seek out businesses that do not have the Cyber Essentials measures in place.
- Cyber Essentials Plus
Cyber Essentials Plus offers the same ease of approach as Cyber Essentials. The protections you need to implement are the same, but a hands-on technical verification is carried out for Cyber Essentials Plus.
2. Why does my organisation need it?
Cyber Essentials is now widely recognised as the minimum baseline level of cyber security for organisations of all sizes. The advantages are clear:
- Reassure customers that you are proactively securing your IT against cyber-crime.
- Appeal to potential new customers with the assurance you have cyber security safeguards in place.
- Cyber Essentials certification may be required if your organisation is bidding for a government contract.
- The people in your business have a clear understanding of its cyber security status.
3. What are the criteria for certification?
The scheme focuses on 5 Technical Controls designed to guard against the most common internet-based cyber security threats:
- Firewalls and Routers: A firewall must be in place to protect your internet-connected devices.
- Secure Configuration: Avoid unauthorized access by hackers to your systems.
- Software Updates: Ensure your applications and critical systems are updated appropriately to spot and rectify weaknesses.
- User Access Control: Limit opportunities for unauthorized access by controlling who has access to sensitive data.
- Malware Protection: Protect your business from viruses and malware.
4. How do I get my business certified?
The National Cyber Security Centre (NCSC) is partnered with the IASME consortium, which will perform the annual Cyber Essentials audit by verifying the information supplied in the self-assessment. For Cyber Essentials Plus, a qualified assessor examines the same 5 controls, using a technical audit to test that they work.
IASME offers a Cyber Essentials readiness toolkit. Your responses to the questions in the toolkit will help create a bespoke action plan to guide you towards meeting the Cyber Essentials requirements. The action plan includes links to specific guidance on how to meet these criteria.
At Comprendo, we offer hands-on guidance and support for attaining Cyber Essentials and Cyber Essentials Plus certification, as detailed below.
––––––––––––––––––––––––––––––––––––
How can we help at Comprendo?
We are an experienced IT solutions and support team with in-depth knowledge of Cyber Essentials. We can identify where your business is on the path to reaching the required criteria for Cyber Essentials or Cyber Essentials Plus. We will help you put the 5 technical controls in place.
If you choose to work with us, we will install the Cyber Essentials ISO 27001 management portal and Cybersmart software, which automatically filters data from your cyber security controls into the Cyber Essentials platform. The software ensures all infrastructure meets the required security criteria and will report on areas requiring improvement.
For example, an operating system which is no longer supported (i.e. too old for secure usage) will be flagged. Cybersmart also includes security learning modules for staff to complete to help them identify cyber threats on their own devices.
Whether you’re a start-up looking for guidance on cyber security, or a larger organisation wanting to gain a clearer picture of your cyber security level, we’d be very happy to help.
>>> Call Us on 0345 527 4394 for an informal chat with one of our friendly support team, or
>>> Contact Us for all things IT at https://www.comprendo.co.uk/contact-us/
If you’re interested in learning more about the 5 Technical Controls monitored by Cyber Essentials, then look out for our next blog, published later this month.
At Comprendo, we provide customer-focused IT services, solutions and support to businesses throughout North and West Yorkshire, Lancashire and beyond, including Leeds, Bradford, Harrogate, York and Burnley. We look forward to hearing from you at www.comprendo.co.uk