An introduction to Cyber Essentials

Cyber Essentials is a government-backed scheme designed to help businesses protect themselves from some of the most common online threats. Since its introduction in 2014, 30,000 businesses have been awarded the highly regarded certification.

In order to achieve a pass and get the certification, you must prove your application of five technical controls, (The 5 Controls of Cyber Essentials). Upon passing you can decide between two different plans on offer, Cyber Essentials and Cyber Essentials Plus. More on the details later in the blog.

 

The 5 Controls of Cyber Essentials

The 5 controls are:

  1. Firewalls
  2. Secure Configuration
  3. Applying Access Controls
  4. Anti-Malware measures
  5. System maintenance

As mentioned previously, to achieve a Cyber Essentials certification you need to apply these 5 controls to your workplace. Let us take a look at why you would go to the trouble of getting a certification.

 

Why is Cyber Essentials a good idea?

  • It is designed to defend against some of the most common threats out there – using Cyber Essentials is estimated to protect you against roughly 80% of threats.
  • Certain Government contracts require Cyber Essentials to even bid for them; some considering Cyber Essentials as a minimum certification is adequate and others insisting the bidding company holds Cyber Essentials Plus, depending on the sensitivity of the data being handled.
  • It will help you satisfy the security principles of GDPR and reassure you that you are complying by the regulations.
  • It could be a good investment in the future. Cyber Essentials does require a small upfront cost, but, once credited, your business could reap the benefits of £25,000 worth of cover against Cyberattacks. If your turnover exceeds £20m then you are not eligible for this cover, but you can still benefit from lower insurance premiums.
  • The reputational effects of having Cyber Essentials can also help you boost your customer count. Customers trusting you with their data can only be positive.

So, you now know the benefits of having the Cyber Essentials accreditation, you know you want to achieve it, but you are not sure which one you need. We will now go through some details of the two plans so you can make a revised decision based on what is best for you.

 

The two plans

Cyber Essentials

The first, cheaper and more ‘basic’ of the two plans is achieved once having completed an online, self-assessment exercise which is almost like an exam and is graded by the certification body. But there is a major difference between this ‘exam’ from the ones you remember from school. You will have 3 months to complete the exam – it is only expected to take you a couple of hours at most, but the extra time is in case areas need improvement. You will only get one chance to make any changes needed and a 3-day time window to get this done applies. Take your time and get it right the first time.

 

Cyber Essentials Plus

The ‘Plus’ does not mean you have to apply any advance controls; the only difference is the assessment process – an on-site assessment must be carried out by a qualified assessor. You must still complete the online self-assessment as in the basic plan, either independently within the 3 months explained earlier or at the beginning of the ‘plus’ process.

I agree an on-site assessment does sound like a daunting prospect but its sole purpose is to confirm that the answers in your self-assessment are correct. If you fail the on-site assessment it can result in a stressful experience for you; if you do not make the necessary changes to a Cyber Essentials standard you will have to begin the process again. Many firms seek professional advice to ensure they pass first time in order to avoid paying a second time.

The Cyber Essentials accreditation can open doors to new business prospects – allowing you to compete for contracts that would otherwise not be possible.

 

We’re Netcom, we can protect your business

Do you want your business to prove it takes the right steps to protect the information held on behalf of your customers, and Cyber Essentials certification is a recognised step toward that. We at Netcom provide you with your Cyber Essentials certification upon passing and can guide you to ensure the pass as quickly as possible. Contact us now for more information.

For guidance on IT strategy, cybersecurity and digital transformation why not book a free, no-obligation discovery call today by calling 0114 361 0062.