Back in January, we were granted our Cyber Essentials certificate. Cyber Essentials is a scheme that was introduced by the Government to ensure the protection of data and to help companies understand how data can be used, secured and compromised. The Cyber Essentials certificate ensures that data is protected from common cyber threats online.
There are two badges that can be gained by organisations: Cyber Essentials and Cyber Essentials PLUS. The scheme is backed by the Federation of Small Businesses, the CBI and various insurance companies who offer incentives to businesses.
In 2014 the scheme was launched for any suppliers to the UK government who handle sensitive or personal information and any companies bidding for government contracts – it is a required certification. Insurance companies will typically offer lower premiums for any company that is Cyber Essentials/Cyber Essentials PLUS certified.
With security threats at an all-time high (and with any size business being vulnerable) the Government realised that more had to be done to protect sensitive data – take the NHS attack for example and the WannaCry ransomware threat in 2017. The Cyber Essentials scheme is mostly aimed at businesses who do not have their own dedicated IT teams working around the clock to monitor potential threats.
Cyber attacks can happen to any business, large or small, established or start-up, and can cost companies thousands and thousands of pounds as well as long periods of disruption and downtime. Could your business stay operational after a ransomware attack?
To achieve the Cyber Essentials certification there are five controls that need to be met:
- Secure Configuration
- User Access Control
- Malware Protection
- Patch Management
As we are an IT company and have our own IT team, we were able to conduct our own Cyber Essentials certification. If you are a business that does not have an IT team in-house, you can hire a certified external, third-party body to do the checks for you.
Cyber Essentials PLUS has exactly the same requirements as Cyber Essentials (where you must show that you have met the requirements of the 5 technical security controls). The critical difference is that an independent assessment of the security controls needs to be carried out to verify that the technical security controls are in place.
The assessment includes a vulnerability scan, which can identify unpatched or unsupported software, open ports, incorrect firewall configuration, etc., meaning the Cyber Essentials PLUS certificate can be hard to achieve without the right preparation and assessment. The assessment will analyse your existing security control objectives and will improve cyber defences.
The Cyber Essentials PLUS certificate is a much more highly regarded certification for all businesses looking to make a real improvement.
The purpose of the scheme is to ensure your business is cyber-ready. The certification will be reviewed annually to make sure your security is at its best to defend against any potential attacks.
We are thrilled to be Cyber Essentials and Cyber Essentials PLUS certified, and if there is anything we can help you with then please do not hesitate to contact us.