Why should you consider the Cyber Essentials Scheme for your business?
Cyber Essentials is a simple and very effective, government backed, cyber security scheme that helps direct an organisation's focus to protect it against cyber attacks. This scheme can work for all sizes of companies within any industry.
Here at Cyberfort, we are accredited by IASME to assess and certify organisations under the National Cyber Security Centre Cyber Essentials Scheme. Note - not all cyber security specialists have this!
What are the Benefits of Cyber Essentials?
Many believe that criminals only target big companies, but this is not the case. Smaller businesses have less resources to manage cyber security. These resources may be in-house knowledge, time or money. Due to existing long standing trade relationships, bigger companies may be in the habit of trusting smaller companies.
The bad guys know these things!
That is why they target smaller companies. By becoming Cyber Essentials certified, you are giving your trading partners reassurance. You are demonstrating you are serious about cyber security. It could even help you win more business.
Remember Cyber Essentials is designed to
· not be expensive,
· rely on easy to implement controls,
· be educational
Recommended by LinkedIn
Cyber Essentials protects against basic cyber attacks.
Cyber attacks come in various shapes and sizes. But looking at past compromises, most are basic in nature. History has shown these attacks are by unskilled individuals. Think of a passer-by trying their luck to see if you pulled your front door shut behind you. Cyber Essentials offers a good level of protection against these unsophisticated attacks, by covering five areas:
The key to achieving Cyber Essentials is getting the scope correct. Organisations that choose a scope which includes their whole IT infrastructure achieve the best protection and maximise their customers' confidence. If you decide to limit the scope then you will need to demonstrate technical controls that enforce the separation of the scoped sub-set from the entire business. Scopes must include end user devices.
90% of all successful attacks came through this avenue. Once the scope has been decided on and agreed with your assessing body (of which we are one) you can look at the five different areas of security controls you have in place.
Remember Cyber Essential requirements apply to all corporate devices that can connect to the Internet, receive connections from the Internet or control the communications path to the Internet.
Cyber Essentials sets configuration requirements for systems. Default configurations are very rarely strong enough to protect against cyber-attacks. Hackers will often know ways around default configurations, putting your networks at risk.
There are two certification options to choose from:
· Self certify, Cyber Essentials – answer a self assessment questionnaire. This is something we can mark, submit and offer advice if you need it. It's a great starting point for addressing your business' security. It is the UK's entry cybersecurity certification.
· We can also audit your business against Cyber Essentials Plus. We will interview some of your staff, review some of your systems and scan what you expose to the Internet. Cyber Essentials Plus shows that your business takes security seriously.
Both certifications have exactly the same scope. It is the method of validation that differs.
Remember, the certifications only lasts 12 months. The assurance they give is only if you keep up with the updates. If you need any assistance with Cyber Essentials, please do not hesitate to reach out to our highly experienced team. We can talk you through and offer advice to ensure your business improves its cyber security posture and is less likely to be compromised.
Certification can take days, if you have all the controls already in place. If you have to make changes to your systems to become compliant, certification could take several months. Either way we can work with you and ensure your business gets the best possible outcome.