Cyber Essentials Overview
The government-backed cyber security scheme, Cyber Essentials, has been out for a few years now. The scheme was developed to help ensure that businesses are performing cyber security best practices to help secure personal data.
Since becoming mandatory for all central government contracts advertised after 1st October 2014, it's now more important than ever to ensure that your business is certified.
The Cyber Essentials scheme comes in two flavours: Cyber Essentials and Cyber Essentials Plus.
Cyber Essentials
This basic level requires your company to complete a self-assessment questionnaire, which is then assessed by an independent assessor. If you fail your initial submission, you can resolve any issues that were found and resubmit it.
Cyber Essentials Plus
The Plus level includes everything in the basic level, but additionally requires your business to be tested by an external certifying body using a range of tools and techniques. This is commonly known as penetration testing. It ensures that your business has the necessary controls in place to keep your business and data safe.
With the increasing number of cyber security attacks on businesses in all countries, now is the time to ensure you are certified. Becoming certified will help protect your reputation by showing your suppliers and customers that you are doing what's needed to keep their information out of malicious hands and that the right safeguards are in place.
Cyber Essentials Benefits
Some of the benefits which are associated with Cyber Essentials are below.
- It is a mandatory requirement for government suppliers and all public service contracts.
- Shows your commitment to IT security; demonstrating to your partners, customers and suppliers that you take cyber security seriously.
- Protects your company's profits and reputation by avoiding the financial implications of any negative publicity associated with a cyberattack.
- It can give you a competitive advantage over rivals who don’t have accreditation.
How do I become certified?
There are a number of ways you can become certified: you can either go direct to a certifying body like CREST or IASME, or go through one of the many independent assessors who will take you through the process. Going through an independent assessor will normally give you greater control over what you want, from helping you complete the self-assessment to providing testing and support as you go through the scheme.
Once you have selected a certification body, you will initially have to answer a self-assessment questionnaire. This questionnaire covers five fundamental technical security controls that your business must meet. These controls are then independently assessed for your accreditation.
Fundamental technical security controls
- Boundary firewalls and internet gateways; these must be designed to prevent unauthorised access to or from private networks.
- Secure configuration; ensuring that systems are configured in the most secure way for the needs of the organisation.
- Access control; ensuring that only those who should have access to systems do have access, and at the appropriate level.
- Malware protection; ensuring that virus and malware protection is installed and is up to date.
- Patch management; ensuring the latest supported version of applications is used and all the necessary patches supplied by the vendor have been applied.
Once done, sit back and relax, safe in the knowledge that you are doing your bit to stay secure.