So you’re ready to level up the cyber security of your business but maybe don’t know where to start. Or you have your eyes on a public sector contract and need the Cyber Essentials certification to qualify for the work.
Whatever your reason for embarking on the Cyber Essentials Basics or Plus certification, it helps to have experts on your side. So, while we offer Cyber Essentials consultancy, we also wanted to take the time here to run you through how it works and why it matters, and to provide a checklist to get you ready for your self-assessment.
What is the Cyber Essentials Certification?
According to the National Cyber Security Centre (NCSC), the Cyber Essentials Certification “helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security”.
It is a government-backed scheme that helps businesses of all sizes to get to grips with cyber security and to defend themselves against 80% of the most common cyber attacks.
There are two versions of the Cyber Essentials Certification available: Cyber Essentials Basics and Cyber Essentials Plus. Basics simply takes the form of a self-assessment, while Cyber Essentials Plus includes vulnerability testing to ensure your security is watertight. At this stage (if not before) you’ll need to bring in an IT support provider or consultant to assist with the testing and verification process.
Why is Cyber Essentials Certification important?
But if, for example, you’re not looking to work with the range of public and private sector organisations that require their suppliers to have the certification, why bother?
Is Cyber Essentials really that important?
The short answer: yes.
The long answer: Cyber Essentials Certification ultimately protects you, your staff, business partners, and clients. By providing protection from 80% of the most common cyber attacks (including malware and ransomware), it keeps your business and data safe.
Having this certification in place reduces your likelihood of becoming a target for attacks and keeps your clients happy. Even without a requirement in place, you’re more likely to retain and attract new clients when you can prove you’ve done your cyber security due diligence.
Did you know that as many as 51% of small businesses don’t have appropriate security for client and customer data? Why? Because many small and medium-sized businesses believe that they simply don’t have systems or data worth hacking.
You don’t need to be one of them. Cyber Essentials is a relatively low-cost and efficient way to protect your business, clients, and data. Plus, it comes with the added bonus of a clearer picture of all of your tech, networks, and systems.
How Cyber Essentials certification works
Getting the Cyber Essentials Certification is a simple 5-step process:
- We run a gap analysis – according to the five controls you need to pass in order to get the certification. During this process, you’ll have access to our team and be able to ask as many questions as you need. We’ll provide you with a report detailing all the things you need to address before the assessment begins.
- We sort the self-assessment for you – so you don’t need to worry about all of that extra admin. This means you can sit back, relax, and feel safe in the knowledge that everything you need will be in place.
- Self-assessment passed and complete – because we’ll have done the gap analysis, helped you sort out any issues, and then completed the self-assessment for you, you’ll pass no problem.
- Shout it from the rooftops – you tell everyone and their aunt that you are Cyber Essentials certified. You can add the logo to your website and you’ll be listed in IASME’s directory of organisations awarded the certification.
- Ongoing support – we can provide ongoing maintenance of your cyber security to ensure your certification doesn’t expire and run regular audits to help keep everything in check.
Bonus: If you want to go in for the Cyber Essentials Plus, we will also run the vulnerability testing as a technical proof of the completion of your assessment.
The Cyber Essentials Checklist
There are key elements of your systems and equipment that need to be checked, secured, and maintained in order to meet the requirements for the Cyber Essentials Certifications.
- Hardware or devices used by your organisation
- Software and firmware used by your organisation
- Boundary devices
- Firewalls and protecting your internet gateway
- Cloud services
- Secure configurations
- Use of passwords
- Protection against malware
- User accounts
Just in case you wanted to know more, here is an in-depth look at our Cyber Essentials Checklist.
How can we help with Cyber Essentials certification?
We manage the entire process on your behalf, as part of the monthly subscription cost for our Cyber Essentials consultancy. We will guide you through any changes that you need to make to meet the standard, and we will also complete the self-assessment. The subscription costs include the cost of the certification and unlimited access to our cybersecurity experts.
Speak to one of our security experts. Take the next step to become certified.