Getting your Cyber Essentials Certification can feel a little daunting, especially if you have no idea what it entails. So we have pulled some info together for you to show you what the process looks like, the five controls you will be checked against, and how we can help you get certified.
Just in case you’re not sure what the Cyber Essentials Certification is, here is a quick run-down to catch you up.
What is the Cyber Essentials Certification?
Cyber Essentials is a self-assessment certification to help you protect your business and data from 80% of the most common cyber threats. The scheme was launched in 2015 by the National Cyber Security Centre (NCSC) in partnership with the UK government to help make cyber security both a priority for and more accessible to businesses across the country.
Now we’re all caught up on what it is, let’s recap the benefits of certification.
What are the benefits of getting Cyber Essentials certified?
- Expand your client base
Being certified is mandatory to work with a lot of larger organisations in highly regulated industries, central government, and the Ministry of Defence (MOD).
- More time- and cost-effective than other certifications
Cyber Essentials is an ideal alternative to the broader and more stringent certifications like ISO 27001.
- Protection against 80% of the most common cyber attacks
Ultimately, it’s going to help you mitigate business risk and protect you against malware, ransomware, and a whole host of other common cybersecurity threats.
- Improve your reputation
Having a certification like Cyber Essentials in place proves to your prospects and clients that you can be trusted with their data.
- Greater oversight of your tech and defences
Tech is essential for the vast majority of businesses. You don’t need to know the technical ins and outs of your entire network to appreciate the peace of mind that comes with having everything certifiably secure.
How can you become Cyber Essentials certified?
There are a few things to look at here. First things first, this is what the process looks like when you work with a Cyber Essentials consultant or IT support team like ours:
- We run a gap analysis – according to the five controls you need to pass in order to get the certification.
- We sort the self-assessment for you – so you don’t need to worry about all of that extra admin.
- Self-assessment completed – because we’ll have done the gap analysis, helped you sort out any issues, and then completed the self-assessment for you, you’ll pass with no problem.
- Get the word out there – you tell everyone that you are Cyber Essentials certified and add the logo to your website. Plus you’ll be listed in IASME’s directory of organisations awarded the certification.
- Ongoing support – we can provide ongoing maintenance of your cyber security to ensure your certification doesn’t expire, and run regular audits to help keep everything in check.
And if you want to opt for Cyber Essentials Plus over Cyber Essentials Basic, we will also run the vulnerability testing needed for the additional certification.
Before you dive in for the assessment, it’s important to understand the 5 controls you are assessed against to get the certification.
What are the 5 controls needed for Cyber Essentials Certification?
The Cyber Essentials and Cyber Essentials Plus certifications require you to have some essential cybersecurity protections and processes in place. These are:
- Firewalls
Make sure all the devices you have connected to the Internet are protected with a firewall.
- Secure settings
Change the manufacturer’s default configuration on all your hardware and software – it helps keep cyber attackers at bay.
- Control admin permissions
Your team’s user accounts should only give them access to the devices, software and settings they need to do their job. Admin permissions should only be given to those who need them.
- Virus and malware protection
All devices, including laptops, PCs, phones and tablets, should be protected against attacks by viruses or malware. Once these threats are in your network, they can infect other connected devices and software.
- Patching requirements
From operating systems, software and apps to mainframes, laptops, tablets and phones, you should keep all your technical resources up to date at all times. This process is called ‘patching.’
On the downside, we know updates are tiresome. On the upside, they’re usually simple, fast and free.
What do the five controls mean for the assessment?
These five controls are the five main areas covered by the certification. So once your self-assessment is complete, you can have peace of mind that you’re covered against 80% of the most common cyber threats in those five areas.
These systems and processes are best practices in any case, but the Cyber Essentials scheme makes the process more accessible and standardised for businesses across the country.
An in-depth look at Cyber Essentials certification requirements
We pulled together a checklist (both an overview and an in-depth version) to help you understand what to expect in your self-assessment and what is tested based on the five controls listed above.
Here is our Cyber Essentials certification checklist
How to get the Cyber Essentials Certification without the admin?
We want to help make your life as easy as possible while making sure your business and data are safe. So whether you want Cyber Essentials Basic or Cyber Essentials Plus, we will handle every step of the process for you.
From initial gap analysis to completing the self-assessment on your behalf, you can hand over the entire process to the experts. We have helped hundreds of businesses through their certifications since the scheme launched in 2015.
So the only thing you need to do is reach out to ask for our help. After that, we’ll even maintain your cybersecurity and patches for you.
Ready to get started? Get in touch with the team and let’s get you certified.