All businesses, large and small, have an obligation to protect themselves from online threats. To help you do this, the UK government, with the help of the National Cyber Security Centre (NCSC), has introduced Cyber Essentials and Cyber Essentials Plus.
Companies can get certification in one or both of these, which the government terms an ‘information assurance scheme’, to demonstrate to their partners, suppliers and customers that they have adopted good practice when it comes to information security.
What is Cyber Essentials?
Cyber Essentials tests a company’s IT systems and any device (including desktop, tablets and mobiles). which connects to the internet against five baseline controls, and the certification process is designed to be straightforward. The controls are:
- Boundary firewalls and internet gateways
- Malware protection
- Patch management
- Secure configuration
- Access control
As well as demonstrating that the integrity of customer data is important to you, having certification can help you not only win new clients but increase your chances of securing a government contract, where Cyber Essentials certification is now a requirement.
The NCSC explains that the Cyber Essentials system focuses on “Internet-based attacks which use widely available tools and demand little skill”. These include guessing passwords in order to log into secure websites or internal sites, hacking and phishing, and other tricks to fool users into installing a malicious application.
What is Cyber Essentials Plus?
If you choose Cyber Essentials Plus, you still need to be able to demonstrate that you have robust security protection in place to protect against the threats outlined above, but the checks on it are carried out by an independent assessor.
This assessor will test against the same controls which you verify yourself with the Cyber Essentials test, but they do this by simulating phishing attacks and hacking into your systems. One benefit of this is that it exposes any vulnerabilities in a safe way, allowing you to take steps to fix the problem.
Additional Protection for MOD Suppliers
The Ministry of Defence (MOD) has formed the Defence Cyber Protection Partnership (DCPP) with industry to decide upon new cybersecurity standards. Its stated aim is to “Protect military capability by improving cyber defence through the MOD’s supply chain.”
Any organisation which is part of the MOD supply chain (or would like to be) will need to follow a set of criteria which is similar to the Cyber Essentials Scheme and known as the Cyber Security Model. The DCPP has a number of founder businesses as partners, but membership is open to others.
How to get Certification
There are a number of companies which offer to verify your cybersecurity protocols, so it’s important to find one which is accredited by the NCSC. They also have a selection of accreditation bodies who maintain a list of certification bodies you can use. However, we are accredited by IASME and you can view their list by clicking here.
You can have both Cyber Essentials and Cyber Essentials Plus, ATG will do both for you. There is a fee for the scheme, which starts at around £400 + VAT. Testing can be done in a few days.
ATG will help you make sure that your IT is as secure as it should be and that it meets the Cyber Essentials standards. There is then a questionnaire to fill in to double check everything.
ATG verifies your answers and will award your Cyber Essentials or Cyber Essential Plus certificate once we’re happy with everything and you’ve passed the assessment. It’s recommended that you recertify every 12 months. ATG also offer a fully managed Cyber Essentials solution which provides constant monitoring of your systems to the Cyber Essentials Standard. With this managed solution renewal never has to be thought about as automatic renewals are processed each year, meaning you are constantly compliant opposed to compliant at a single moment in time.
To find out more about Cyber Essentials, Cyber Essentials Plus and ATG’s Managed Cyber Essentials and furthermore how to choose which one is right for you, download our SMB Guide to Cyber Essentials.