What is Cyber Essentials?
Cyber Essentials is a scheme developed by the National Cyber Security Centre (NCSC) and administered on behalf of the UK government. It is primarily an assurance scheme. Its development was based on a number of best-practice steps for addressing cybersecurity issues that became increasingly common as cyber criminals developed more, and more complex, ways of attacking critical systems and data. The scheme sets out five basic cybersecurity controls that every organisation should implement. Applied together, these controls on their own mitigate over 80% of the most common attacks. The scheme operates two levels of accreditation: Cyber Essentials and Cyber Essentials Plus. Until April 2020 the scheme was an annual assessment; since April it has been an ongoing monitoring system that continually assesses the standards which the assurance scheme promotes. Another important change is that IASME is now the sole regulator appointed by the UK government. This promotes far better consistency of standards and makes management much more efficient.
Why should you get a Cyber Essentials certification?
Cyber Essentials gives your business protection against the most common types of cyber attack. By achieving this level of certification, you have the peace of mind of operating your business knowing that these types of attack, and the potential data compromise they bring, have been avoided. If you don’t have the levels of protection provided by the scheme, it is far more likely that your business could become a target for more complex activity from cyber criminals, even to the point where your business could be closed down. Cyber Essentials Plus has the same approach and similar levels of protection, but your business is audited in greater depth to ensure technical verification of the security standards required. Certified Cyber Security, in summary:
- Customers and suppliers are reassured that you have secure IT and processes within your business.
- You clearly understand the levels of IT security needed for best practice in today’s complex cyber security environment.
- If you operate within the public sector, you will be required to demonstrate and achieve these levels of IT security standards.
- Your business reputation is enhanced by Cyber Essentials certification, and it is likely that your business can attract new trade.
Roadmap to achieving Cyber Essentials
The scheme requires five technical controls which should be in place prior to applying for assessment. Even if you don’t want to apply for Cyber Essentials assessment, they should be part of your business cyber security standards as a minimum.
1. You must secure your internet connection by using a reliable firewall.
2. All of the devices you use, as well as software and any other applications, should have the most secure settings applied.
3. Manage user access. Each team member should only have access to the systems and data that they need to perform their job role.
4. You should have reputable anti-virus and malware protection on every device you use for your business.
5. Software and firmware levels of devices, routers and any other equipment must be kept up to date.
6. Use secure passwords and password management software to prevent passwords from being written down and to avoid the use of simple passwords.
7. Consider the use of additional secure mechanisms such as two-factor authentication.
The process of achieving these standards is straightforward. You may need a little help, but your business reputation will be enhanced and you will avoid the majority of cyber-crime attacks.
Would you like to be Cyber Essentials Certified?
Get in touch with us at Electric Spider today. We can answer any enquiries and guide you along the way. Why not ask for a copy of our FREE CYBER ESSENTIALS CHECKLIST?