Introduction to Cyber Essentials
Unleashed are uniquely positioned to help your business get the Cyber Essentials accreditation.
Cyber Essentials was introduced in 2014, when the UK Government decided to implement a cybersecurity scheme to help businesses of all sizes mitigate cyber-attacks. This scheme is called Cyber Essentials and Cyber Essentials Plus (CE and CE+).
CE is a self-assessment questionnaire that Unleashed are accredited to help you complete. CE+ is external verification of the information you have provided, with on-site vulnerability testing.
This scheme has been designed to give a clear statement on basic controls to all organisations. The aim is to help them to protect their business against common Internet threats.
The Cyber Essentials scheme offers a foundation of the basic security measures that your business can implement and build upon. The UK Government firmly believes that by implementing basic control measures you can significantly reduce your vulnerability. However, these control measures are not guaranteed to remove all cybersecurity risks. That is, CE will not stop a targeted attack against your business; for this, you need to implement higher security measures.
What this scheme will do is give you a structure and define measured controls that provide cost-effective basic cybersecurity for your business. The UK Government estimates that by following the 5 steps you can mitigate 80% of cyber-attacks.
Cyber Essentials comes in two standards – Standard and Plus. Both standards have the same questionnaire. For Standard, this is a self-assessment questionnaire that can be filled in by a competent IT person within your organisation. This is then sent off to the certification body for verification. If all of your answers meet the required standards, you pass and get the Cyber Essentials certificate. You can then display your logo on your website. If you fail, you will be told where your security measures fall down and you can rectify that area and re-apply.
For Plus (the highest level), the same questionnaire applies but your answers must be verified by an external verification body. Plus can be viewed as an extension to the Standard. The verification body will send an auditor onsite to verify all of your self-certification questions. In addition, the auditor will carry out some external penetration tests.
Cyber Essentials Control Processes
CE focuses on Internet-originated attacks against an organisation's IT systems and has 5 control measures:
- Boundary firewalls and Internet Gateways
These are devices that prevent unauthorised access to or from your IT network. They can be dedicated security devices or an Internet-facing router.
- Secure Configuration
This means your systems are configured to conform to the Cyber Essentials guidelines.
- Access Control
This means only those people who need to access systems/data can, and they have the appropriate set of permissions.
- Malware Protection
Anti-virus and anti-malware software must be installed and kept up to date with the latest patches.
- Patch Management
All of your operating systems and Internet-facing devices must be kept up to date with the latest patches and fixes that have been supplied by the vendor.
We are hearing more and more about organisations exposing customers’ information to cyber threats. This means it is becoming increasingly important for companies to maintain a robust cybersecurity policy and, equally important, to demonstrate this to their customers.
The Assurance Framework has been designed to distinguish organisations that are implementing cybersecurity controls from those that are not.
There are a few ways you can use this framework. You could use it to differentiate your business from that of a competitor. Or, you could ask insurers, investors and auditors to take the certification into account when assessing your risk factor.
Cyber Essentials Consultancy
Whilst Cyber Essentials and Cyber Essentials Plus have been designed to be simple and straightforward, you may need some assistance in getting ready for your accreditation. That is where Unleashed can help you.
Cyber Essentials can be a time-consuming process; getting help from a qualified Cyber Essentials expert can take the pain away and speed up the process.