Unleashed are uniquely positioned to help your business get the Cyber Essentials accreditation.
Introduction to Cyber Essentials
In 2014, the UK Government decided to implement a cyber security scheme to help businesses of all sizes mitigate cyber-attacks. This scheme is called Cyber Essentials.
This scheme has been designed to give a clear statement on basic controls to all organisations. The aim is to help them protect their business against common Internet threats.
The Cyber Essentials scheme offers a foundation of basic security measures that your business can implement and build upon. The UK Government firmly believes that implementing these basic control measures can significantly reduce your vulnerability. However, these control measures are not guaranteed to remove all cyber security risks. That is, Cyber Essentials will not stop a targeted attack against your business; for this you need to implement higher security measures than Cyber Essentials.
What this scheme will do is give you a structure and define measured controls that provide cost-effective basic cyber security for your business. The UK Government estimates that by following the 5 steps you can mitigate 80% of cyber-attacks.
Cyber Essentials comes in two standards – Standard and Plus. Both standards have the same questionnaire. For Standard, this is a self-assessment questionnaire that can be filled in by a competent IT person within your organisation. This is then sent off to the certification body for verification. If all of your answers meet the required standards, you pass and get the Cyber Essentials certificate. You can then display their logo on your website. If you fail, you will be told where your security measures fall down, and you can rectify that area and re-apply.
For Plus (the highest level), the same questionnaire applies but your answers must be verified by an external verification body. Plus can be viewed as an extension to Standard. The verification body will send an auditor onsite to verify all of your self-certification answers. In addition, the auditor will carry out some external penetration tests.
Cyber Essentials Control Processes
Cyber Essentials focuses on Internet-originated attacks against an organisation's IT systems and has 5 control measures:
- Boundary firewalls and Internet Gateways
These are devices that prevent unauthorised access to or from your IT network. They can be dedicated security devices or an Internet-facing router.
- Secure Configuration
This means your systems are configured to conform with the Cyber Essentials guidelines.
- Access Control
This means only those people who need to access systems/data can do so, and they have the appropriate set of permissions.
- Malware Protection
Anti-virus and anti-malware protection must be installed and kept up to date with the latest patches.
- Patch Management
All of your operating systems and Internet-facing devices must be kept up to date with the latest patches and fixes that have been supplied by the vendor.
We are hearing more and more about organisations exposing customers' information to cyber threats. This means it is becoming increasingly important for companies to maintain a robust cyber security policy and, equally important, to demonstrate this to their customers.
The Assurance Framework has been designed to distinguish organisations that are implementing cyber security controls from those that are not.
There are a few ways you can use this framework. You could use it to differentiate your business from that of a competitor. Or you could ask insurers, investors and auditors to take the certification into account when assessing your risk factor.
Cyber Essentials Consultancy
Whilst Cyber Essentials and Cyber Essentials Plus have been designed to be simple and straightforward, you may need some assistance in getting ready for your accreditation. That is where Unleashed can help you.
Cyber Essentials can be a time-consuming process; getting help from a qualified Cyber Essentials expert can take the pain away and speed up the process.