What is Cyber Essentials?
The Cyber Essentials scheme is a set of baseline technical controls produced by the UK Government and industry to help organisations, large and small, public and private, improve their defences and publicly demonstrate their commitment to cybersecurity.
The Cyber Essentials scheme addresses the most common internet-based attacks that use widely available tools and that need very little skill for the attacker to use.
The scheme helps organisations to protect the confidentiality, integrity, and availability of data stored on devices that connect to the internet.
There are two certifications available for the Cyber Essentials scheme.
Cyber Essentials is a self-assessment questionnaire that is submitted to us for assessment.
Download the self-assessment questionnaire here.
Cyber Essentials Plus is an assessment that is audited by a certification body like ID Cyber Solutions.
Note: For both certifications you must meet the same Cyber Essentials requirements.
Download the Cyber Essentials requirements documentation here.
Cyber Essentials for your organisation starts here
Five controls you can put in place today
The Cyber Essentials Scheme specifies that all devices that are connected to the internet must be protected with a firewall. A firewall effectively creates a ‘buffer zone’ between your IT network or device and other, external, networks. In the simplest case, this means a firewall creates a buffer zone between your computer (or computers) and ‘the internet’.
Manufacturers often set the default configurations of new software and devices to be as open and multi-functional as possible. They come with ‘everything on’ to make them easily connectable and usable. Unfortunately, these settings can also provide cyber attackers with opportunities to gain unauthorised access to your data, often with ease.
To minimise the potential damage that could be done if an account is misused or stolen, staff accounts should have just enough access to software, settings, online services, and device connectivity functions for them to perform their role. Extra permissions should only be given to those who need them.
Malware is software or web content that has been designed to cause harm. For example, the 2017 WannaCry attack used ransomware, a form of malware that makes data or systems unusable until the victim makes a payment.
No matter which phones, tablets, laptops, or computers your organisation is using, it’s important they are kept up to date at all times. This is true for both operating systems and installed apps or software. Happily, doing so is quick, easy, and free.
What are the advantages of certification?
- Reassure your customers that you are working to secure your IT and their data against cyber attacks.
- Attract new business with the promise you take cybersecurity seriously.
- Build a relationship with a trusted IT supplier.
- Certain local and national government contracts require Cyber Essentials certification.