What is the Cyber Essentials Scheme?
The Cyber Essentials scheme is a UK Government-driven initiative designed to help organisations protect themselves from cyber threats. It provides a set of basic security controls for safeguarding IT systems. The scheme focuses on these five key areas:
- Firewalls and internet gateways
- Secure configuration
- User access control
- Malware protection
- Patch management
The scheme offers two levels of certification: Cyber Essentials and Cyber Essentials Plus. Basic Cyber Essentials certification employs a self-assessment questionnaire, whereas Cyber Essentials Plus requires an independent assessment of the organisation’s security measures.
Achieving Cyber Essentials certification benefits organisations by demonstrating a commitment to cybersecurity to customers and key stakeholders. It may also be required for certain government contracts.
What are the Benefits of Cyber Essentials Certification?
Businesses that achieve Cyber Essentials certification often realise a wide range of benefits. Common benefits include:
- Prevent more cyber-attacks – By implementing the security controls listed in the Cyber Essentials framework, businesses can prevent around 80% of attacks, including phishing attacks, malware, ransomware, and network attacks.
- Demonstrates a commitment to security, helping to build your reputation with customers and stakeholders.
- Enables organisations to work with the UK government and associated agencies.
- Allows organisations to be listed on the National Cyber Security Centre’s (NCSC) database.
What Does Cyber Essentials Cover?
The five key areas covered by Cyber Essentials are:
- Firewalls and routers – Helps you create a barrier between your IT network and external networks to monitor and limit traffic to your network.
- Software updates – Assists in protecting against vulnerabilities in outdated software.
- Malware protection – Enables you to protect against viruses and malware attacks by using properly configured antimalware software and limiting untrusted applications.
- Access control – Enables you to manage who can access your data and services.
- Secure configuration – Empowers you to select the most secure settings for your devices and software.
How to Get Cyber Essentials Certification
To achieve Cyber Essentials certification, you can follow these steps:
- Define the scope of your IT posture that will be tested.
- Complete and submit the questionnaire. Successful candidates will receive a Cyber Essentials certification at this point.
- For organisations opting for Cyber Essentials Plus, an independent auditor will perform a technical audit of your internal systems.
- Finally, an external scan of your networks will be performed to search for vulnerabilities.
- Once the assessment and the internal and external scans are finished, you will be eligible for Cyber Essentials Plus certification.