25 Feb Cyber defences: Cyber Essentials, what is it?
In the previous blogs in the series, we have explored some of the different types of cyber-attack, how to combat them and the ramifications of not combatting them effectively. In this, the third and final blog of the series, we will take a look at the Cyber Essentials accreditation and discover how it can guarantee that your business becomes and remains cyber-secure now and into the future.
Cyber Essentials – what is it?
Cyber Essentials is a government-backed scheme launched in 2014 when it was designed with the sole purpose of helping businesses to better protect themselves from ever evolving cyber threats that have the power to do irreparable damage to the operational capabilities of a business. The accreditation can be achieved through five key technical and policy-based controls, which we will explore more throughout the blog.
The Cyber Essentials programme is graded in two levels. These are: ‘Cyber Essentials’ – the entry-level self-certified accreditation; and ‘Cyber Essentials Plus’ – the more thorough and detailed assessment and network scan, conducted by a certified accreditation body.
Cyber Essentials – why would I bother?
I understand when you ask why you would pay someone to come and do something that you can do yourself. But achieving Cyber Essentials accreditation has a number of business benefits to go along with it.
- Customer confidence
Achieving the Cyber Essentials accreditation creates a good image to your existing and – arguably more importantly – potential client base. The Cyber Essentials certificate is physical proof that you put maximum effort into guaranteeing that your employees’ and clients’ information / sensitive data is as safe and secure as possible.
- More business opportunities
Cyber Essentials opens up brand new business opportunities – some government contracts require bidding companies to hold Cyber Essentials certification. This quite literally means that by not having certification you are already a step behind the competition.
- A good investment
As much as Cyber Essentials does require a small upfront cost, once credited your business could enjoy £25,000 worth of cover against cyber-attacks.
- The level of defence
Let’s not move away from the reason you are reading this blog in the first place – staying cyber secure is the main goal here and no other accreditation on the market can offer the same level of protection (against roughly 80% of threats). This makes Cyber Essentials a no-brainer!
Cyber Essentials – How do I achieve it?
Before going for the Cyber Essentials accreditation, you will need to complete a pre-audit, which can be achieved with the help of an IT professional. Having an understanding of the way your current cybersecurity controls and policies are set up will be invaluable.
The Cyber Essentials accreditation is broken down into what is known as ‘the five controls of Cyber Essentials’. These are mandatory components necessary to ensure you achieve it. Without these five controls in place, you will fail your assessment, so it would be beneficial to become familiar with these before moving forward:
- Access controls
- Anti-malware measures
- Patch management / up-to-date devices
- Secure configuration
As previously mentioned, there are two levels of accreditation, and each has a different process to achieve certification. They have different assessment processes but require the same technical controls. One is a self-assessment that can be assisted by ourselves to be sure you are going to pass before you start and the other is a ‘hold your hand’ approach, guiding your business through the certification.
These two different types are as follows:
Price: £300 plus VAT. The basic Cyber Essentials accreditation is achieved through the completion of an online self-assessment exercise, which is then assessed and graded by the certification body. After the initial payment, access will be granted to an online portal which gives you three months to submit your completed self-assessment.
This assessment only takes a couple of hours to complete, so why three months then? That is because, if any areas need improvement, you only get one chance to make changes and a three day time limit will apply – take your time and get it right the first time!
Cyber Essentials Plus
Price: £1,999-£2,199 plus VAT
As we mentioned earlier, Cyber Essentials Plus doesn’t require the application of any additional or more advanced technical controls, and the only difference is the assessment process, which will feature an on-site technical verification by a qualified assessor. You’ll be required to successfully complete the self-assessment required for the basic certification – either independently within the previous three months, or at the beginning of the ‘plus’ process.
Cybersecurity is of the utmost importance in every business globally, and Cyber Essentials has the power to revolutionise the way your business views its security measures. Through education and technical measures, it can be a powerful ally against cybercriminals.
Making technology your ally against cybercriminals – Netcom
We at Netcom take our time getting to know you, we build a relationship with you based on dependability, trust, and the belief that our knowledge will guide you into a more prosperous future with IT as your ally. We want to be part of your team whilst working alongside you to anticipate your ever-changing needs going into the future, whilst providing technological know-how that keeps your business functioning and thriving. Don’t hesitate to get in contact.
Your Cyber Essentials assistant is here to guarantee you qualify – Netcom
At Netcom, we have provided proactive Managed IT and cybersecurity support to our customers across the whole of the UK for over 15 years. Our team of experts will ensure that you are protected against Malware and alleviate any other security concerns you may have. Contact us now to find out how.
For guidance on IT strategy, cybersecurity and digital transformation why not book a free, no-obligation discovery call today by calling 0114 361 0062.