05 Oct What is Cyber Essentials and why should my business get certified?
Cyber Essentials is a UK government-backed scheme designed to help organisations guard themselves against a range of the most common cyber threats. The scheme promotes the use of 5 key technical controls which, when deployed, are estimated to protect against 80% of cyber attacks. Designed to lay the groundwork for a more advanced cyber security strategy, Cyber Essentials is a vital starting point, offering a basic cyber defence toolkit that can be implemented without advanced technical proficiency.
From phishing attempts and password attacks to DDoS and malware, cyber criminals deploy a range of tools to exploit and capitalise on IT system vulnerabilities. In the last few years cyber criminals have become more pervasive and virulent, using emerging technologies such as AI to carry out more effective and damaging attack campaigns. Despite the increasing sophistication of cyber attacks, most hacking attempts remain fairly basic in their methodology, relying opportunistically on poorly safeguarded IT systems and end users with limited cyber security awareness. The criminals prey on security naivety and complacency, exploiting poorly maintained software to inject malware into networks and performing account takeovers by taking advantage of weak password policies.
Cyber Essentials will give your organisation a vital foundational framework to thwart the majority of these opportunistic attacks, and may even deter more sophisticated hacking attempts.
How does certification work?
The Cyber Essentials scheme offers two levels of accreditation: “Cyber Essentials” and “Cyber Essentials Plus.”
The basic Cyber Essentials accreditation process features a self-assessment questionnaire, where you must demonstrate your organisation’s application of the “5 key controls.” These include: firewalls, secure configurations, user access controls, malware protection and patch management. We’ll cover these more thoroughly in our next article.
Upon completion of the self-assessment, your submission will be reviewed by an independent assessor who’ll ensure compliance with the scheme’s requirements before certification is awarded. While this part of the process sets the wheels of sound cyber security in motion, we strongly advise our clients to go one step further and achieve Cyber Essentials Plus accreditation.
Cyber Essentials Plus involves applying exactly the same technical controls as the initial accreditation; however, this time your efforts will be assessed and verified by means of an on-site technical audit. This process will examine endpoint devices, ensuring they are protected and configured in accordance with the 5 controls. An external vulnerability scan will be performed against internet-facing systems, designed to ensure that no system weaknesses are apparent. The audit will also assess the configuration of your internet browsers and email accounts, ensuring that the appropriate controls are in place to protect against the execution of malicious file downloads.
Once the technical assessment is completed and you’re found to have satisfied the requirements of the scheme, you’ll be able to display the Cyber Essentials Plus checkmark on your website: a reassuring signifier to clients, partners and suppliers of your commitment to cyber security best practice.
It’s important to note that both accreditations require application of the same technical controls: the only difference is that ‘Plus’ features a far more rigorous assessment process.
What benefits does Cyber Essentials accreditation offer?
Reassurance for clients and stakeholders. Cyber Essentials accreditation will inspire confidence in clients, stakeholders and suppliers. They’ll be reassured that their data is safe in the hands of your organisation.
Gain an understanding of your cyber security posture. Simply engaging with the process will give you a handle on how well defended your systems are at present. However, be sure to make any necessary improvements before beginning the assessment process.
Safeguard your IT network against the majority of cyber threats. Cyber Essentials doesn’t claim to guarantee network invulnerability, but it will shield your organisation from approximately 80% of hacking attempts.
Free Cyber Insurance. Cyber Essentials Plus certification entitles your organisation to up to £25,000 worth of cyber liabilities cover, provided your turnover is under £20 million per year and your business is registered in the UK.
Apply for UK government and MOD contracts. Many UK public sector and MOD contracts require applicants to hold Cyber Essentials accreditation, with some even stipulating Cyber Essentials Plus. Institutions like the MOD take the security of sensitive information extremely seriously. Cyber Essentials proves to them that your organisation meets the required standard.
Meet your obligations under the GDPR. The GDPR requires organisations to handle sensitive data with great care, ensuring that the ‘appropriate technical and organisational measures’ are in place. Should a data breach occur, your Cyber Essentials accreditation will help prove to the Information Commissioner’s Office (ICO) that you took the necessary precautions and activated the appropriate technical measures to safeguard the data you were entrusted with.
Cyber Essentials accreditation signals to the world that your organisation can be trusted to handle sensitive data. Accreditation offers many benefits and sets the scene for more advanced cyber security countermeasures. If you’re keen to begin the accreditation process, begin by reading our next article, where we’ll set out the 5 controls required by the scheme in more detail.
Connecting you to the modern world
Since our conception back in 2005, at Vostron we have operated under a series of predetermined guiding principles: agility, people, and approachability. With those principles adopted wholeheartedly throughout everything that we do, along with our progressive approach in helping our clients to achieve their business goals in the most cost-effective and secure way possible, we are proud to say that we have earned the trust of a loyal customer base across the UK from our home in Southampton. Please don’t hesitate to get in contact to find out how we can help you!