Achieving a strong Cyber Security structure for your business can consume significant amounts of time, money, specialist expertise and resource. Cyber Essentials was launched in 2014 by the UK government Department for Business, Innovation and Skills to encourage the adoption of good practices in information security. The basic goal of Cyber Essentials certification is to protect company information from internet threats, but it’s important to note that Cyber Essentials is a basic level of ‘due diligence’ from which to build, not a comprehensive Cyber Security Strategy.
The Cyber Essentials Scheme is a Government-backed, industry-recognised certification for Cyber Security. Cyber Essentials will help your organisation to guard against the most common cyber threats and demonstrate your commitment to cyber security to your customers.
What is the Cyber Essentials certification Scheme?
Cyber Essentials enables all UK businesses to adhere to a series of Cyber Security principles to safeguard their business data and clients’ data, and to participate in high-value tenders that require this certification. Unlike other schemes that are not Government-backed, Cyber Essentials is very affordable and well recognised in industry.
It helps businesses to mitigate phishing attacks, including malware, malicious email and website links, and hacking opportunities, by exploring the known vulnerabilities in internet-connected servers and devices. All risks and weaknesses are identified within an audit prior to the certification submission.
The Cyber Essentials certification framework
Within the two Cyber Essentials certification options (Standard and Plus), the following five security controls are verified:
- Boundary firewalls and internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
Why choose Cyber Essentials?
Properly implemented Cyber Security has the additional advantage of driving business efficiency throughout the organisation, saving money and improving productivity. The five security controls that form the framework of both Cyber Essentials certifications could prevent “around 80% of cyber attacks”.
What are the benefits of Cyber Essentials certification?
Risk Mitigation
Cyber Essentials helps businesses identify the risks they face when it comes to Cyber Security. In order to achieve certification, there need to be specific processes and structures in place each year.
Stand Alone Assurance
Broader standards and frameworks such as ISO 27001 provide a different type of protection. As Cyber Essentials is a stand-alone assurance programme, it’s affordable for all businesses. Many businesses that already have ISO 27001 also have Cyber Essentials.
Protection from Cyber Threats
Thousands of businesses every year fall victim to cyber security attacks, which cost time and money and can lead to the loss of company and client data. Cyber Essentials certification ensures cyber security processes are in place to help prevent these attacks.
Data Protection
Now that the EU General Data Protection Regulation (GDPR) is in force, business owners are solely responsible for the security of clients’ data in line with the new regulation. Cyber Essentials helps identify weaknesses and puts processes in place to protect data. Failure to protect data under GDPR can result in significant fines and
Customer Reassurance
Many high-value tenders now require ISO 27001 certification as well as Cyber Essentials, as it’s an industry-recognised starting block that demonstrates strong compliance.
What’s covered in Cyber Essentials Certifications?
1: Boundary firewalls and internet gateways
Using boundary firewalls to monitor traffic to your server(s) enables you to better understand and manage your bandwidth requirements, and can potentially block attackers and external threats.
2: Secure configuration
By ensuring your computers and network devices are configured properly, you can identify systems or databases that you no longer need or use. You will have the opportunity to reduce your overall storage and bandwidth consumption, as well as reducing the level of inherent security vulnerabilities.
3: Access control and administrative privilege management
Managing access control and administrative privileges erodes the opportunity for staff to install time-wasting software onto their computers, as well as removing the insider threat.
4: Malware protection
Implementing appropriate Malware protection has its obvious security advantages, but an often overlooked hidden benefit is the time and cost savings that result from avoiding devices being out of action.
5: Patch management
Keeping on top of software patching and licensing makes your company more productive, as well as more secure. Patches often improve the performance of the products they apply to, and remove issues that slow down employees, such as crashes and poor performance caused by congested networks.
What are the two types of Cyber Essentials certification?
What is Cyber Essentials Standard?
This affordable certification is awarded on the basis of a verified self-assessment. However, to achieve this, the business needs to put in place a series of detailed policies and processes, which take time to assess and implement. Infinity Group helps businesses to then undertake their own assessment via the online self-certified questionnaire. This questionnaire is then verified by one of our independent Assessors to confirm whether the certification criteria have been met. Cyber Essentials Standard is awarded as a result.
Ideal for businesses who:
- Want to demonstrate Government-backed IT Security compliance
- Are looking for an enhancement of their ISO 27001 certification
- Are keen to work towards obtaining the Cyber Essentials Plus Certification
What is Cyber Essentials Plus?
The Cyber Essentials Plus certification can only be obtained by a business after the Cyber Essentials Standard has been awarded. This fully audited certification is awarded by an external Certification Body and offers a higher level of assurance through the external testing of the business’ cyber security approach. A thorough security scan of the network is undertaken by us and all vulnerabilities are identified.
Ideal for businesses who:
- Want to tender for large value projects
- Work with highly regulated industries
- Are looking for an enhancement of their ISO 27001 certification
How is Cyber Essentials Plus different to the Standard?
This certification is more comprehensive and is awarded by Crest, an accredited Certification Body, after validation. The Cyber Essentials Standard is a self-certified certification.
Our Cyber Essentials packages
Our affordable Cyber Essentials packages include an on-site audit of your current setup, including a list of recommendations in line with Cyber Essentials’ strict certification criteria. The Plus certification is awarded by Crest, the official Cyber Essentials accreditation body.
Some clients decide to complete the recommendations identified in our audit themselves before we submit them for the Cyber Essentials Plus certification, or before they submit themselves for the Cyber Essentials Standard certification. Others prefer us to complete those recommendations.