Why should you consider the Cyber Essentials Scheme for your business?

Cyber Essentials is a simple and very effective government-backed cyber security scheme that helps an organisation focus on protecting itself against cyber attacks. The scheme can work for companies of all sizes in any industry.

Here at Cyberfort, we are accredited by IASME to assess and certify organisations under the National Cyber Security Centre Cyber Essentials Scheme. Note - not all cyber security specialists have this!

What are the Benefits of Cyber Essentials?

  1. It helps a business to keep its data protected.
  2. It grants big advantages when bidding for Government work.
  3. Some of the better insurers charge lower cyber security insurance premiums.
  4. It shows your current and prospective clients that you care about cyber security. You are a safe pair of hands.
  5. The Government keeps an updated public list of certified companies. Some companies will only trade with companies on this list.
  6. It shows areas where your business can quickly improve.
  7. Compared to most matters of cyber security, it is probably one of the cheapest, most cost-effective undertakings a company can take on. This is in terms of pounds spent versus improvement in the business's cyber security posture.

Many believe that criminals only target big companies, but this is not the case. Smaller businesses have fewer resources to manage cyber security. These resources may be in-house knowledge, time or money. Due to existing long-standing trade relationships, bigger companies may be in the habit of trusting smaller companies.

The bad guys know these things!

That is why they target smaller companies. By becoming Cyber Essentials certified, you are giving your trading partners reassurance. You are demonstrating you are serious about cyber security. It could even help you win more business.

Remember, Cyber Essentials is designed to:

· not be expensive,
· rely on easy-to-implement controls,
· be educational.

Cyber Essentials protects against basic cyber attacks.

Cyber attacks come in various shapes and sizes. But looking at past compromises, most are basic in nature. History has shown these attacks are by unskilled individuals. Think of a passer-by trying their luck to see if you pulled your front door shut behind you. Cyber Essentials offers a good level of protection against these unsophisticated attacks, by covering five areas:

  1. Using office firewalls and Internet gateways
  2. Maintaining secure configuration of your computer equipment
  3. Controlling user accounts and restricting use of administrative accounts
  4. Protecting against malware
  5. Keeping software and devices up to date

The key to achieving Cyber Essentials is getting the scope correct. Organisations that choose a scope which includes their whole IT infrastructure achieve the best protection and maximise their customers' confidence. If you decide to limit the scope, then you will need to demonstrate technical controls that enforce the separation of the scoped subset from the entire business. Scopes must include end user devices. 90% of all successful attacks came through this avenue.

Once the scope has been decided on and agreed with your assessing body (of which we are one), you can look at the five different areas of security controls you have in place.

Remember, Cyber Essentials requirements apply to all corporate devices that can connect to the Internet, receive connections from the Internet or control the communications path to the Internet.

Cyber Essentials sets configuration requirements for systems. Default configurations are very rarely strong enough to protect against cyber attacks. Hackers will often know ways around default configurations, putting your networks at risk.

There are two certification options to choose from:

· Self-certify for Cyber Essentials: answer a self-assessment questionnaire. We can mark and submit this, and offer advice if you need it. It's a great starting point for addressing your business's security. It is the UK's entry-level cyber security certification.

· We can also audit your business against Cyber Essentials Plus. We will interview some of your staff, review some of your systems and scan what you expose to the Internet. Cyber Essentials Plus shows that your business takes security seriously.

Both certifications have exactly the same scope. It is the method of validation that differs.

Remember, the certifications only last 12 months. The assurance they give holds only if you keep up with the updates. If you need any assistance with Cyber Essentials, please do not hesitate to reach out to our highly experienced team. We can talk you through the process and offer advice to ensure your business improves its cyber security posture and is less likely to be compromised.

Certification can take days if you have all the controls already in place. If you have to make changes to your systems to become compliant, certification could take several months. Either way, we can work with you and ensure your business gets the best possible outcome.

Interested? Speak to one of our experts today and find out more.
