What is Cyber Essentials?
Cyber Essentials is a way for businesses of all sizes to review their IT systems to assess how well their security would hold up against a cyber-attack, and to work to put a robust process in place to reduce the chances of being targeted and to minimise the damage if they are.
The UK government and the NCSC (National Cyber Security Centre) jointly created what they describe as an information assurance scheme which allows companies to demonstrate best practice around security.
As the scheme is nationally recognised, accreditation serves as a quick and easily recognised tool to reassure customers, suppliers and partners that you take compliance with legislation seriously.
You can learn more about Cyber Essentials and Cyber Essentials Plus accreditations in this blog: Cyber Essentials vs Cyber Essentials Plus: What's the difference?
Why is it important in the aerospace industry?
The aerospace and defence industries are struggling with fewer resources available to them at the same time as technological advances, changes in infrastructure and stricter protocols put more demands on security than ever before.
The nature of their work and the requirements of suppliers and customers mean that they have to keep up with the pace of progress and protect themselves from cyber attacks. Businesses of all sizes are at risk of system hacks and data breaches, which could also compromise other organisations in their supply chain.
The UK government also takes the risks very seriously, and produced an Aviation Security Safety Strategy with specific guidance from now until 2022, covering understanding cyber threats and how to manage them.
The aerospace industry is vast and there are strict guidelines in place already aimed specifically at sectors such as:
- aeroplane manufacturers,
- flight safety,
- air traffic control, and
The rise of ‘Connected Aircraft’ means that there is also a greater security risk around the information sent and received by crew and passengers. Satellite and broadband capabilities mean that airborne staff are able to relay information to ground crew more efficiently, but that data is also more vulnerable to being compromised.
There is also a risk of cyber attackers taking over control of systems and rendering them unusable. With so many companies involved in the supply chain, data is disseminated far and wide, and a flaw in the chain could have serious consequences. Wherever you fit in, having your systems checked is vital.
What are the business benefits of Cyber Essentials?
Information security is a legal requirement and you must be able to show that you’re not only compliant with the rules, but you’re also actively working to identify and resolve vulnerabilities.
The introduction of GDPR (General Data Protection Regulation) last year has increased everyone’s awareness of data security, but it’s also worth noting that if you’re looking to tender for government contracts, Cyber Essentials certification is now a requirement.
Your customers and partners, particularly if you’re part of a supply chain, will rightly expect you to keep their information safe. Not doing so, or not showing that it’s a priority through certification, means you could lose work to your competitors.
You can read more about why you should consider Cyber Essentials certification for your business in our blog: Five reasons you need Cyber Essentials
How does the testing work?
Whichever level you choose, your devices, servers and systems are tested against five baseline controls. These apply regardless of your industry. Focusing on “Internet-based attacks which use widely available tools and demand little skill”, the test is straightforward, requiring you to assess your current situation by completing a questionnaire.
Cyber Essentials Plus also uses the questionnaire, but there is an additional step to complete. From beginning to end, both tests are expected to take around two to three weeks, although they can take only a few hours, depending on how closely your IT systems are already aligned with the standards. Your certificate is issued two or three days after the accredited body has decided it’s satisfied with your responses.
How to get Cyber Essentials Certified
The cost of the basic level Cyber Essentials is £300 plus VAT, and you simply download the questionnaire and use it to assess your systems and device security. Your answers then need to be verified by an assessor. Once they’re satisfied, they will award your certificate.
Should you decide to go for the Plus level, a third-party consultant will need to carry out the penetration testing and simulated hacking for you. If they find any gaps or vulnerabilities, you will need to resolve these before you receive the Cyber Essentials Plus accreditation.
There are five UK government-approved accreditation bodies, and they can recommend someone to certify your systems for you. Prices vary for the Plus level certification, as it will depend on how much time it takes the assessor and how many devices you have.
It’s recommended that you renew your certification every year. If you want peace of mind that your systems will be secure and you’ll pass the assessment process, you may want to consider looking for an IT support partner. They can proactively monitor everything for you and prevent attacks before they happen.
Download our free Cyber Essentials Small Business Guide if you would like to know more about how Cyber Essentials can help your business, or get in touch to find out how we can help.