Good Cyber Security is Good Business
Cyber Essentials is a cyber security certification scheme that sets out a good baseline of cyber security suitable for all organisations in all sectors.
The scheme is backed by government and addresses five key controls that, when implemented correctly, can prevent around 80% of cyber-attacks. Achievement demonstrates to customers and other stakeholders that the most important basic cyber security controls have been implemented.
Why Do You Need Cyber Essentials?
With the implementation of the new General Data Protection Regulations, liability for data breaches falls upon the business owner. A key part of GDPR compliance is to practice good cyber security.
Cyber Essentials provides organisations with clear guidance on what good cyber security looks like as well as offering independent certification for those who want it.
Whilst providing a basic but essential level of protection, the Cyber Essentials scheme enables organisations that believe they are practicing robust cyber security to benefit by making this a unique selling point.
Upon certification, they can then demonstrate to their customers that their data is adequately protected and that they take cyber security seriously. It is also worth noting that those businesses that wish to provide goods and services to the public sector will need Cyber Essentials accreditation.
There are five key controls used under the scheme:
This control requires you to have sound policies in place, together with well-defined processes to maintain your security. It recognises the fact that security is an on-going exercise.
Boundary firewalls and Internet gateways
You must protect your internal network against attacks from the Internet.
Access controls and admin privilege management
It’s important that you prevent accidental and intentional damage caused by current or former employees.
Attackers constantly identify and exploit software vulnerabilities. It’s critical that you apply hotfixes and patches to address these vulnerabilities.
Most people are familiar with anti-spam and anti-virus protection, but user awareness training for employees will also fall under this control.
Achieving Cyber Essentials
Cyber Essentials has been designed in consultation with SMEs to be relatively light touch and achievable at low cost. However, the pricing of Cyber Essentials can be confusing.
Many organisations offer a self-assessment with a very attractive price.
This might be fine for some organisations, for example those with an IT Manager or an in-house IT team, but please don’t pay for this! If you believe the self-assessment route is the correct one for you, then you can download the questions for FREE!
However, for the majority of businesses the self-assessment route is not the best route. The questions can be quite technical in nature and the answers not easy to find!
In addition, some organisations will simply not be able to achieve Cyber Essentials without additional investment in hardware and software – and we don’t think it’s right to charge for certification when it’s not achievable. Therefore, our approach is different.
Achievement of Cyber Essentials with Your IT is via a three-stage process which provides support throughout.
Stage 1 – Initial Gap Analysis
We provide a full, on-site, initial gap analysis against the Cyber Essentials framework. We work with you through the entire standard, explaining exactly what is required in each area and identifying any gaps in your existing processes, procedures or technologies. The cost includes an external vulnerability scan for up to 25 IP addresses.
At the end of the audit we’ll produce a fully costed Action Plan for achievement of the standard.
Stage 2 – Implementation
The majority of changes required are likely to be system administration or minor alterations. If you are a supported customer of Your IT there would be very little cost to this. In some cases there may be a requirement for additional or replacement hardware and software.
We feel it’s better that you are aware of this at this stage, rather than paying for a certification programme up front that you can’t achieve without additional investment.
Stage 3 – Completion of the Cyber Essentials Assessment and Submission to the assessment body
With all the actions completed and the company up to scratch, we’ll sign off the questionnaire, re-run the external vulnerability scan and obtain the certification for you.
Your IT will ensure you are supported throughout the journey to Cyber Essentials certification, however much assistance you need.