What is Cyber Essentials?
Cyber Essentials is a UK Government backed certification scheme. It aims to help organisations of all sizes address the most common IT vulnerabilities exploited by criminals in cyber attacks. Interestingly, many cyber attacks start in the supply chain. For this reason, the government are aiming for organisations of all sizes in the UK to get this certification in place to improve cyber security throughout supply chains. Indeed, certification is now mandatory for public sector organisations. Similarly, the government now require all of their suppliers, who handle sensitive data, to have a Cyber Essentials certificate. Furthermore, they are encouraging big companies to follow suit and make this a requirement for their suppliers– BT, Astra Zeneca, Barclays and Vodafone are already on board!
Cyber Essentials aims to address the most basic vulnerabilities exploited in cyber-attacks (such as passwords and admin access policies). Consequently, if properly implemented it should prevent 80% of cyber attacks. Also. certification is also a good first step towards the requirements of the EU General Data Protection Regulation (GDPR). Cyber Essentials certification brings lots of positives to your organisation, it will help you:
- Demonstrate to your customers that you have taken action to protect your IT systems
- Keep your competitive edge by showing new business that you have cyber security measures in place
- Give you a clear overview of your business’s cyber security level
- Allow you to tender for contracts with require Cyber Essentials certification to be in place
What does Cyber Essentials cover?
The scheme focuses on five key controls :
- Boundary firewalls and internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
The Cyber Essentials standard has two different levels of certification: Cyber Essentials and Cyber Essentials Plus. The basic Cyber Essentials certification requires a self-assessment questionnaire and an external vulnerability scan to be submitted to an external certifying body. Cyber Essentials Plus certification includes all of the above plus an on-site audit.
How can we help?
Red Mosquito are ACE (Accredited Cyber Essentials) Practitioners of Cyber Essentials. So, this means we have been externally assessed and accredited to deliver advice guidance and consultancy in Cyber Essentials. Therefore, we can help your organisation implement the requirements of the standard by working to:
- Complete a thorough review of your current business network and perimeter security. We will ensure you have the correct cyber security controls in place and that you are implementing and maintaining them effectively.
- Identify any changes required for your organisation to be compliant with the standard and work with you to make any necessary adaptations.
- Help you define the scope of your certification and use our technical expertise to complete your customised self-assessment documentation.
- Monitor your systems to ensure the controls remain in place making it straight forward for you to renew your certification annually.
Contact us today for a free and no obligation quotation.
RedMosquito provides IT Support and IT Security Services to SMEs in Glasgow, Edinburgh and throughout Scotland.