Cyber Essentials is a UK Government-backed certification scheme. It aims to help organisations of all sizes address the most common IT vulnerabilities exploited by criminals in cyber attacks. Interestingly, many cyber attacks start in the supply chain. For this reason, the government are aiming for organisations of all sizes in the UK to get this certification in place to improve cyber security throughout supply chains. Certification is now mandatory for public sector organisations. The Government now require all of their suppliers who handle sensitive data to have a Cyber Essentials certificate. Furthermore, they are encouraging big companies to follow suit and make this a requirement for their suppliers: BT, AstraZeneca, Barclays and Vodafone are already on board. You can check if your suppliers or partners have certification in place here.
Cyber Essentials aims to address the most basic vulnerabilities exploited in cyber attacks (such as passwords and admin access policies). If properly implemented, it should prevent 80% of cyber attacks. Certification also helps meet the requirements of GDPR. You are no doubt aware that GDPR stipulates that organisations must have “appropriate technical and organisational measures in place” to protect data. Cyber Essentials certification shows you have taken action to meet these requirements and could help defend your organisation against an ICO fine.
Certification brings lots of positives to your organisation. It will help you:
- Demonstrate to your customers that you have taken action to protect your IT systems
- Keep your competitive edge by showing new business that you have cyber security measures in place
- Get a clear overview of your business’s cyber security level
- Tender for contracts which require Cyber Essentials certification to be in place
What does Cyber Essentials cover?
The scheme focuses on five key controls:
- Boundary firewalls and internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
The standard has two different levels of certification: Cyber Essentials and Cyber Essentials Plus. The basic Cyber Essentials certification requires a self-assessment questionnaire and an external vulnerability scan to be submitted to an external certifying body. Cyber Essentials Plus certification includes all of the above plus an on-site audit.
How can we help?
We can help organisations throughout the UK prepare for Cyber Essentials by:
- Completing a thorough review of your current business network and perimeter security. We will ensure you have the correct cyber security controls in place and that you are implementing and maintaining them effectively.
- Identifying any changes required for your organisation to be compliant with the standard and working with you to make any necessary adaptations.
- Helping you define the scope of your certification and using our technical expertise to complete your customised self-assessment documentation.
- Monitoring your systems to ensure the controls remain in place, making it straightforward for you to renew your certification annually.
Contact us today if you would like more information on how we can support you to get Cyber Essentials in place.